Decode Password in ISC4.GDB
Jįder Carvalho de Medeiros
field?
Bill Todd
It would not be very secure if you could. :)
--
Bill (TeamB)
(TeamB cannot respond to questions received via email)
Jeff Overcash (TeamB)
"Jáder Carvalho de Medeiros" wrote:
>
> The field PASSWORD in table USERS only can encrypted? I can't decode the
> field?
--
Jeff Overcash (TeamB)
(Please do not email me directly unless asked. Thank You)
If there is somebody up there could they throw me down a line. Just a
little helping hand just a little understanding. Just some answers to the
questions that surround me now. If there's somebody up there could
they throw me down a line. (Fish)
Craig Stuntz [TeamB]
> It is a one way salt encryption. You can't decrypt it.
Minor quibble: Yes, it's a one way hash, but there's no salt.
-Craig
--
Craig Stuntz [TeamB] · Vertex Systems Corp. · Columbus, OH
Delphi/InterBase Weblog : http://delphi.weblogs.com
InterBase PLANalyzer 1.1 -- Free InterBase query optimization
tool: http://delphi.weblogs.com/IBPLANalyzer
Robert Schieck (TeamB)
> Jeff Overcash (TeamB) wrote:
>
> > It is a one way salt encryption. You can't decrypt it.
>
> Minor quibble: Yes, it's a one way hash, but there's no salt.
Actually it uses the *UNIX crypt function"
The full dirt on how it is done can be located at:
http://www.mers.com/INTERBASEUSERS.HTML
hth
Rob
Craig Stuntz [TeamB]
> Actually it uses the *UNIX crypt function"
>
> The full dirt on how it is done can be located at:
>
> http://www.mers.com/INTERBASEUSERS.HTML
Er, OK, the exact same salt on every entry is as good as no salt at
all, IMHO. Results are as you would expect, as a simple inspection of
the data shows -- same password for two different users yields the same
value in passwd.
-Craig
--
Craig Stuntz [TeamB] · Vertex Systems Corp. · Columbus, OH
Delphi/InterBase Weblog : http://delphi.weblogs.com
Useful articles about InterBase and Delphi development:
http://delphi.weblogs.com/articles
Jeff Overcash (TeamB)
"Craig Stuntz [TeamB]" wrote:
>
> Jeff Overcash (TeamB) wrote:
>
> > It is a one way salt encryption. You can't decrypt it.
>
> Minor quibble: Yes, it's a one way hash, but there's no salt.
Blame Rob, that's how he's always described it to me :).
Craig Stuntz [TeamB]
> "Craig Stuntz [TeamB]" wrote:
> >
> > Jeff Overcash (TeamB) wrote:
> >
> > > It is a one way salt encryption. You can't decrypt it.
> >
> > Minor quibble: Yes, it's a one way hash, but there's no
> > salt.
>
> Blame Rob, that's how he's always described it to me :).
Reading Rob's site it seems that there is a salt but it's identical in
all cases. This pretty much defeats the point of using a salt, but
does explain the behavior I've been seeing -- the same password for two
different users will be stored with an identical value after hashing.
-Craig
--
Craig Stuntz [TeamB] . Vertex Systems Corp. . Columbus, OH
Delphi/InterBase Weblog : http://delphi.weblogs.com
InterBase Performance Monitor -- Analyze and control your IB7
server: http://delphi.weblogs.com/IBPerformanceMonitor
K Sallee
<ja...@betim.mg.gov.br> wrote:
You can not, but you can possibly crack it.
Some may say "impossible, the password field is too long to test all
possible combinations in a human's lifetime". Maybe, but given human
nature what it is, some passwords are rather easy to crack. On one
database system they used a 3 letter password. I cracked in in 15 seconds.
Just something to think about.
Kevin