A few days ago I asked how to change a user's password from within the
application without resorting to external utilities, ie. server manager,
gsec, etc.
I got quite a few hints to different solutions, but the real one I was
interested with was this:
The password is encrypted with the UNIX crypt routine. That routine
requires a salt which for our purpose is always "9z". The resulting
encrypted data is striped of the "9z" (11 char. left) and crypted again
with the same "9z" salt. The result, once striped of the "9z" is the
encrypted password as found in the ISC4.GDB database.
I have in my posession, from a while ago, the source of the real worldwide
UNIX crypt routine. I have adapted it to work in a Window environment as a
...DLL (12K). It can be called from C or Delphi (1.6 and 2). It was
compiled with Borland C++ 4.5. It requires the BC450RTL.DLL (Borland
Runtime library, 256K) to run. If you need the crypt .DLL for Windows (3.x
... NT 4.0), I'll be glad to oblige, just indicate if you need the Borland
Library too.
Now, before you rush, hoping to discover your boss' password, you should
know that UNIX employs an encrypting mecanism where it purposefully loses
bits of information. That way, it is impossible to revert back to the
original password. Of course, if your boss chosed his password supidly,
you may be able to gest it and try out your hunches with this. But then,
being of more experience than you he probably chooses well... Anyway,
don't get any ideas, the "9z" equivalent is published in the /etc/passwd
too and it's as secure as it has even been, but I don't want to start a
security debate here.
Thanks to all those that helped me, specially Jeremy R. Bettis who found
out about the "9z".
--
Grard Perreault
gperr...@igp.qc.ca
http://www.igp.qc.ca
begin 600 unixpass.zip
<uuencoded_portion_removed>
4!08`````# `,`/8"``!W$@,`````
`
end
