
Windows and Linux password

100+
P: 180
Hi guys,
How do I access system (Windows/Linux) user's password??? After the user has logged in, I want to access user's system password and set that password to my application's textEdit.

Is there any function??? The solution has to be portable...

Thanks
Jun 4 '07 #1
20 Replies


Expert 100+
P: 181
Hi guys,
How do I access system (Windows/Linux) user's password??? After the user has logged in, I want to access user's system password and set that password to my application's textEdit.

Is there any function??? The solution has to be portable...

Thanks
You want to know the password or reset the passwords?
Jun 4 '07 #2

100+
P: 180
You want to know the password or reset the passwords?
I just want to access the password so that I can set it to TextEdit of my application.

Did I make sense???
Jun 4 '07 #3

DeMan
100+
P: 1,806
You want to display a password as plaintext (from the system) ?

They are kept secure for a reason.......and if that is indeed what you want to do, I do not think this is an appropriate medium to discuss it....
Jun 4 '07 #4

100+
P: 180
You want to display a password as plaintext (from the system) ?
Yes, as plainText


They are kept secure for a reason.......and if that is indeed what you want to do, I do not think this is an appropriate medium to discuss it....
Can you suggest some good medium where I can get answers???

Thanks
Jun 4 '07 #5

DeMan
100+
P: 1,806
I don't actually know where you would. What you want to do is essentially hacking (even if your intentions are innocent), and this site's policy is against promoting hacking.

While I understand that you may not intend any harm by your question, please understand that there are potential security repercussions (particularly when you want an answer posted in a public forum).

As mentioned in an earlier post, there is good reason why it is difficult to do what you want, and I can think of no legitimate reason that you would want to achieve this.
Jun 4 '07 #6

100+
P: 180
I don't actually know where you would. What you want to do is essentially hacking (even if your intentions are innocent), and this site's policy is against promoting hacking.

While I understand that you may not intend any harm by your question, please understand that there are potential security repercussions (particularly when you want an answer posted in a public forum).

As mentioned in an earlier post, there is good reason why it is difficult to do what you want, and I can think of no legitimate reason that you would want to achieve this.
Of course there are valid reasons..
Here it goes...

First I work on chemistry application where my application creates some text files. I then write program to encrypt these files. Now to encrypt these files you require a password. This password has to be the system's (user logged in ) password as per my employer.

Here are his words...

START of his words
---------------------------------------------
There is one point I see that I did not clarify. That particular bunch of
users don't want to give a passphrase every session.
They want to give one and never change it until their
site's system administrator asks them to do so..
---------------------------------------------
END of his words

So what do you say about his words...According to me he wants to set the file's password to system's (user logged in ). There is no intention for me to hack system's password. It is just that my employer wants it...

Please reply me soon, as this is really important to me...

Thanks for your understanding.
Jun 4 '07 #7

RedSon
Expert 5K+
P: 5,000
Of course there are valid reasons..
Here it goes...

First I work on chemistry application where my application creates some text files. I then write program to encrypt these files. Now to encrypt these files you require a password. This password has to be the system's (user logged in ) password as per my employer.

Here are his words...

START of his words
---------------------------------------------
There is one point I see that I did not clarify. That particular bunch of
users don't want to give a passphrase every session.
They want to give one and never change it until their
site's system administrator asks them to do so..
---------------------------------------------
END of his words

So what do you say about his words...According to me he wants to set the file's password to system's (user logged in ). There is no intention for me to hack system's password. It is just that my employer wants it...

Please reply me soon, as this is really important to me...

Thanks for your understanding.
Sorry, not sure if anyone is believing you. I don't think I would trust you.

But let me try to figure out what you are talking about. This is a windows environment is it not? First the users of your application make some text files. Then they encrypt them. They use their user password to encrypt them. Who are they trying to protect the information from? Are they trying to encrypt them for transport to your employer? Are they encrypting them to prevent hackers from seeing the files?

So now they have a password protected file on their desktop. What then? Let's assume they transfer it to their boss because their work is done. Now the boss has an encrypted file sitting on his desktop. And the only way to un-encrypt it is for the boss to know the user's password. So let's say the boss knows or has in plain text the user's password. (Let's not go into how crazy that last sentence sounds). He un-encrypts it. Now he has a plain text piece of information on his desktop. Is that about what you want to happen to the data?

Now we can get into how crazy that is. First, you never, ever, ever, ever store a plain text password for anything, ever. Second, packing an encrypted file with a plain text password and giving to someone defeats the purpose of encryption. Third, if you want the user to enter their password to encrypt or decrypt it that's fine, but you should make it so the boss' password decrypts everything. Like a master key in a lock. People use passwords that they are familiar with, so chances are they are using that same password to protect their online bank account or other important thing. Making it available plain text is a serious breach of security and their trust.

Another way to go about this is public key infrastructure. Both Windows and Linux servers will give out certificates (I think Linux calls them keys) to any user who requests them. You can then store public certificates on the server where any user can grab the boss's public certificate and use it to encrypt.

Windows also has a security manager that will allow you to do a lot of the things that you want to do without shooting yourself in the foot by making passwords plaintext.
Jun 4 '07 #8

Motoma
Expert 2.5K+
P: 3,235
In Linux you can snag the hashed password from the /etc/passwd or /etc/shadow file. You shouldn't need to decrypt it, as you can always just test the hash against the stored value for authentication. In Windows, passwords are stored hashed in another way, which I don't know.

BUT WAIT, this may not be needed. If you are in a larger corporate/educational environment, your friendly administrators have probably set up an authentication system using some technology like Active Directory or LDAP. In that case, passwords will not exist on the local machine; you should be able to authenticate against that server once, and store some information about the login information somewhere, and read that in the future logins.
Jun 4 '07 #9

100+
P: 180
Sorry Redson but you mistook me.
First off I use Crypto++ lib (AES::CBC) for encryption and decryption purpose.
First, you never, ever, ever, ever store a plain text password for anything, ever.
I know that so I first digest the password using some salt and then using that encrypted password I then encrypt the file.

Second, packing an encrypted file with a plain text password and giving to someone defeats the purpose of encryption.
I think I already answered
Third, if you want the user to enter their password to encrypt or decrypt it that's fine, but you should make it so the boss' password decrypts everything.
But I want the password to be same and not public and private keys algorithm.
Since it is a chemistry application, it is useful for researchers in chemistry field. Now suppose there are two chemists ( chem1 and chem2 ). chem1 did some vast research and discovered some drug. Now chem1 would not be interested in disclosing his research. So what he wants is some kind of security. Hence, as a programmer I need to encrypt the file which chem1 has created which if by chance gets to the way of chem2 is unable to identify what the file contains.

On the other way round there are situations where chem1 has some of his peers who helped him to discover the drug or there are some bunch of users under his site. So what do you think should happen??? I think the peers, bunch of users wouldn't be happy to enter the same password again and again to decrypt the file. Hence, to make their work easy chem1 would encrypt the file with site's administrator password. Since chem1's peers and bunch of users are under same roof they need not enter the password to decrypt the file which is taken care by administrator's password.

OK, I agree in that I need not decrypt the system password. What I can do is get access to system (user logged in ) password( encrypted one ). Use this same encrypted password to encrypt my file. OK that makes much better sense.

Now here are my questions.
1) How can I get system( user's password ) on windows and linux???
I know windows stores all user password in registry file, but how do I access that file and access the password (encrypted)????
On linux too I know the user's password is stored in /etc/shadow or /etc/passwd. But can someone out there tell me how to access these both on windows and linux????

Motoma--> You make some sense, Thanks. But my question is how to snag the password??? Both on windows and linux.


I think I'm clear now. If not please let me know..
Thanks
Jun 5 '07 #10

RedSon
Expert 5K+
P: 5,000
Sorry Redson but you mistook me.
First off I use Crypto++ lib (AES::CBC) for encryption and decryption purpose.

I know that so I first digest the password using some salt and then using that encrypted password I then encrypt the file.


I think I already answered

But I want the password to be same and not public and private keys algorithm.
Since it is a chemistry application, it is useful for researchers in chemistry field. Now suppose there are two chemists ( chem1 and chem2 ). chem1 did some vast research and discovered some drug. Now chem1 would not be interested in disclosing his research. So what he wants is some kind of security. Hence, as a programmer I need to encrypt the file which chem1 has created which if by chance gets to the way of chem2 is unable to identify what the file contains.

On the other way round there are situations where chem1 has some of his peers who helped him to discover the drug or there are some bunch of users under his site. So what do you think should happen??? I think the peers, bunch of users wouldn't be happy to enter the same password again and again to decrypt the file. Hence, to make their work easy chem1 would encrypt the file with site's administrator password. Since chem1's peers and bunch of users are under same roof they need not enter the password to decrypt the file which is taken care by administrator's password.

OK, I agree in that I need not decrypt the system password. What I can do is get access to system (user logged in ) password( encrypted one ). Use this same encrypted password to encrypt my file. OK that makes much better sense.

Now here are my questions.
1) How can I get system( user's password ) on windows and linux???
I know windows stores all user password in registry file, but how do I access that file and access the password (encrypted)????
On linux too I know the user's password is stored in /etc/shadow or /etc/passwd. But can someone out there tell me how to access these both on windows and linux????

Motoma--> You make some sense, Thanks. But my question is how to snag the password??? Both on windows and linux.


I think I'm clear now. If not please let me know..
Thanks
So if you are interested in encrypting files to securely share with other chems why not ask them to think of a new password each time. Then chem1 can give chem2 the data file and then call them on the phone and say "the password is 'abracadabra'". I don't understand why there is this requirement to use the user's logged in system password. If chem1 logs into their computer with the password of "chem1pass" and then creates an encrypted file with the unlock password of "chem1pass" then gives that file to chem2 then chem2 has to know chem1's password to decrypt the file. Now chem2 knows chem1's login password which totally flies in the face of every security principle.
Jun 5 '07 #11

100+
P: 180
So if you are interested in encrypting files to securely share with other chems why not ask them to think of a new password each time.
As that would be more overhead to enter the password again and again. In fact this was my previous plan but my employer says, the chemists don't want to enter the password again and again. So provide only a single password.

I don't understand why there is this requirement to use the user's logged in system password. If chem1 logs into their computer with the password of "chem1pass" and then creates an encrypted file with the unlock password of "chem1pass" then gives that file to chem2 then chem2 has to know chem1's password to decrypt the file. Now chem2 knows chem1's login password which totally flies in the face of every security principle.
You are right, What about the other scenario in my previous post?? What about chem1's peer and bunch of users under the same post??? Do you think it would be fair for the inhouse employees to enter the password again and again???

I don't know whether you trust me??? I have my deadline nearby...
I think GURU, Banfa has to provide me some solution. I hope he sees this post and reply me.

Thanks
Jun 6 '07 #12

Motoma
Expert 2.5K+
P: 3,235
As I mentioned previously, in most corporate and educational environments authentication is typically done against a server. If this is the case in your situation, your program will need to authenticate against that server as well. Once you authenticate, you know that the password your user typed in is correct, and you can use that to encrypt/decrypt your data.
Jun 6 '07 #13

sicarie
Expert Mod 2.5K+
P: 4,677
vermarajeev-

You're not using PGP or something of the sort solely because you want an encrypted file to be able to be decoded by anyone with a single password?

Why not just lock it in MS Word or OpenOffice or whatever text editor?
Jun 6 '07 #14

sicarie
Expert Mod 2.5K+
P: 4,677
Or you could figure out how to use the same PGP key for decryption on both (probably by using the same PGP key to encrypt, but I'm not sure).
Jun 6 '07 #15

dumparun
P: 26
Or you could figure out how to use the same PGP key for decryption on both (probably by using the same PGP key to encrypt, but I'm not sure).

I think what he wants to do is to use a symmetric algorithm like AES or DES for encryption/decryption.
Now what he wants is the password, which he could convert to a 16 byte key, using his own algorithm.
I think you might have thought about some way to create a 16 byte key from the password.

But now the problem is that you need the password from the OS, which I am not sure you will be able to get.
Write a test application to read the file directly to retrieve the hash of the password.
You are done if you are able to do so. I am not sure you will be getting the password directly using some win32 API, because then it doesn't serve the purpose.

What I don't understand is what the HOD, Chem lab will do to decrypt the files: would he be having the list of passwords of all researchers, or would he be calling them all the time?

Either way, I would prefer them to enter a password for your application, and you can cache that password throughout the application to avoid multiple entries.
This would be the best way; doing so you can have your own constraints on the password to make it strong, like alphanumeric characters, minimum 8 chars etc...
Jun 7 '07 #16
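
The suggestion in reply #16 (a passphrase entered into the application itself, cached for the session, and converted to a 16-byte key), sketched as an added example that is not code from the thread. PBKDF2-HMAC-SHA256, the iteration count, and the names `check_policy`, `enroll` and `Session` are assumptions chosen here; the OS login password is never read.

```python
import hashlib
import hmac
import os

KEY_LEN = 16          # 16-byte key, as in the reply above (AES-128 size)
SALT_LEN = 16
ITERATIONS = 600_000  # assumed work factor, not from the thread; tune per host


def check_policy(passphrase: str) -> bool:
    """Reply's constraints, read here as: 8+ chars, a letter and a digit."""
    return (len(passphrase) >= 8
            and any(c.isalpha() for c in passphrase)
            and any(c.isdigit() for c in passphrase))


def _derive(passphrase: str, salt: bytes, iterations: int):
    """Stretch the passphrase, then split into a file key and a verifier."""
    master = hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"),
                                 salt, iterations)
    # Separate labels keep the stored verifier from revealing the file key.
    key = hmac.new(master, b"file-key", hashlib.sha256).digest()[:KEY_LEN]
    verifier = hmac.new(master, b"verifier", hashlib.sha256).digest()
    return key, verifier


def enroll(passphrase: str, iterations: int = ITERATIONS) -> dict:
    """First run: build the record that is safe to keep on disk."""
    if not check_policy(passphrase):
        raise ValueError("passphrase does not meet the policy")
    salt = os.urandom(SALT_LEN)  # fresh random salt per user
    _, verifier = _derive(passphrase, salt, iterations)
    return {"salt": salt, "iterations": iterations, "verifier": verifier}


class Session:
    """Caches the derived key in memory so the user is asked only once."""

    def __init__(self, record: dict):
        self._record = record
        self._key = None

    def unlock(self, passphrase: str) -> bool:
        key, verifier = _derive(passphrase, self._record["salt"],
                                self._record["iterations"])
        # Constant-time comparison; a wrong passphrase caches nothing.
        if not hmac.compare_digest(verifier, self._record["verifier"]):
            return False
        self._key = key
        return True

    def file_key(self) -> bytes:
        """Key to hand to the file cipher; raises while the session is locked."""
        if self._key is None:
            raise PermissionError("session is locked")
        return self._key

    def lock(self) -> None:
        """Call on logout or exit so the key does not outlive the session."""
        self._key = None
```

The stored record holds only the salt, the iteration count and the verifier, so neither the passphrase nor the file key is written to disk.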

100+
P: 180
Hmm, dumparun makes some sense.
But now the problem is that you need the password from the OS, which I am not sure you will be able to get.
Exactly, I want the same and got to know that it is not possible and got to know it would be illegal.
Write a test application to read the file directly to retrieve the hash of the password.
You are done if you are able to do so.
Can you be more clear about this??? What password are you talking about???
I am not sure you will be getting the password directly using some win32 API, because then it doesn't serve the purpose.
I think there has to be some way to do so...
What I don't understand is what the HOD, Chem lab will do to decrypt the files: would he be having the list of passwords of all researchers, or would he be calling them all the time?
Yes the password has to be different and the researchers have to set their own password and need to take care of NOT revealing the password to outsiders except the one who he wants to share the discovery( eg. drug ). This provides more security.
Either way, I would prefer them to enter a password for your application, and you can cache that password throughout the application to avoid multiple entries.
This would be the best way; doing so you can have your own constraints on the password to make it strong, like alphanumeric characters, minimum 8 chars etc..
In that case there will only be a single private password and if once disclosed would break the entire security which I don't think is a good idea...

I think my question is now getting clearer and clearer. Hope to get a proper solution as I've been waiting to get so...

Thanks,
Jun 7 '07 #17

AdrianH
Expert 100+
P: 1,251
Hi, I've not read all of this thread, but I would like to ask. Why not ask the user one other time for the password, encrypt it and put it in a file (like a cookie) and have it erased on logout? Or if all you care about is the user logging in, then don't erase that file and the user will never have to enter it again?


Adrian
Jun 7 '07 #18

Motoma
Expert 2.5K+
P: 3,235
I think my question is now getting clearer and clearer. Hope to get a proper solution as I've been waiting to get so...
I think the solution is clear: the reason there are no security toolkits that work this way is because it is not a good way to handle security. I would suggest looking at enterprise solutions, such as PGP, which allow you to encrypt data, and send it in a way that can be readable by only the person it was intended for.
Jun 7 '07 #19

dumparun
P: 26
Hmm, dumparun makes some sense.
haaa...
finally somebody told that irrespective of my user name

Can you be more clear about this??? What password are you talking about???
Well, I was thinking about reading the hash from a file like /etc/shadowpassword or something of that kind if you have access. Have not done much research.

I think there has to be some way to do so...
There won't be any way to read the password legally, other than hacking it.
Else it won't solve the purpose of having the password.

Yes the password has to be different and the researchers have to set their own password and need to take care of NOT revealing the password to outsiders except the one who he wants to share the discovery( eg. drug ). This provides more security.

In that case there will only be a single private password and if once disclosed would break the entire security which I don't think is a good idea...

I think my question is now getting clearer and clearer. Hope to get a proper solution as I've been waiting to get so...

Now you are talking.
That was everybody's point here.
Understand that a symmetric algorithm like AES or DES uses a single password for encrypting and decrypting.
So you need to share it across those who need to read it.

That's why we have asymmetric algorithms like RSA, which is secure and provides non-repudiation.
In this case, you don't need to share the password.

Every user of your system would be having a key pair, which could be ignited using your own password.
Now the Lab Researcher1, who is doing research, after finding something would encrypt the file using the public key of his recipients, like HOD or his partner.
Then he can send it to them through any unsecured channel.

Only those intended recipients would be able to read it.
Done.

Use Bouncy Castle / OpenSSL algorithm for the same.
That only makes sense for your application.

Understand one clear and clean concept.
Usability and Security never Co-Exists

I am done, with my dump ideas :P
Jun 8 '07 #20

P: 1
I found a tool at http://www.boncle.com that encrypts files without sharing a password with the other parties. Is it what you are looking for?
Jun 29 '07 #21
