I want to know how and where passwords are stored in the computer for some applications like MS Word, MS Excel & RAR files etc. How does the computer check the password (whether it is correct or not) when we input it? Thanks masipro
The answer depends upon the program. Most of the time the file contains the information on the password (i.e. it is not stored in the program but in the datafile).
However, once you get past amateur programmers no one stores passwords -- that's too insecure (I could just open the file in a hex editor and find the password). So what they do is they use a one-way hash and store the hash within the file. Then the user enters the password to open the file, you compute the hash of what they typed in and see if it matches the one stored in the file.
The key to the hash is that it is roughly "one way", meaning that it is nontrivial to go from the hash to the password. However! There is something called collision -- there may be more than one password that makes the same hash -- SO, programs that "search" for the password don't have to find the password, they just have to find something that has the same hash.
The other way that documents are password protected is to encrypt some token (perhaps the content of the file) using the password as the key. Then when the program opens the file, it decrypts the file using the password.
So looking for the password IN the program or the file will not get you very far since they are only stored in the user's head (or wherever the user puts them).
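The hash-and-compare check described in the answer above, as an added example that is not part of the original post or any real application's code. It generalizes the plain hash to a salted, slow one (PBKDF2); the `PWF1` header layout, the iteration count and the function names are assumptions made up for illustration.

```python
import hashlib
import hmac
import os
import struct

MAGIC = b"PWF1"                       # constructed 4-byte file signature (assumption)
HEADER = struct.Struct(">4sI16s32s")  # magic, iterations, salt, verifier


def _verifier(password: str, salt: bytes, iterations: int) -> bytes:
    # Salted, deliberately slow one-way function (PBKDF2-HMAC-SHA256).
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


def protect(password: str, payload: bytes, iterations: int = 200_000) -> bytes:
    """Build a file image whose header holds a verifier, never the password."""
    salt = os.urandom(16)  # fresh salt: same password gives a different header each time
    header = HEADER.pack(MAGIC, iterations, salt, _verifier(password, salt, iterations))
    return header + payload


def check_password(blob: bytes, candidate: str) -> bool:
    """Recompute the verifier from the typed password and compare with the stored one."""
    if len(blob) < HEADER.size:
        return False
    magic, iterations, salt, stored = HEADER.unpack_from(blob)
    # Reject foreign files and absurd iteration counts from a tampered header.
    if magic != MAGIC or not 1 <= iterations <= 10_000_000:
        return False
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(stored, _verifier(candidate, salt, iterations))


def open_file(blob: bytes, candidate: str) -> bytes:
    """Return the payload only if the typed password reproduces the stored verifier."""
    if not check_password(blob, candidate):
        raise PermissionError("wrong password or not a PWF1 file")
    return blob[HEADER.size:]
```

In this sketch the payload itself is stored unencrypted, so the check only gates the application; the encrypt-with-the-password design mentioned in the thread is what actually protects the content.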
As noted, no one stores passwords, they store hashes. You can't get a password from a hash, you can only hash a given password and see if it matches what you've got.
Additionally, for a reasonably secure file, the entire contents of the standard unprotected content will have been encrypted using the password, with a basic secure wrapper around it. The application will then take the password you give it and attempt to decrypt the content. Success is achieved when the results look like a standard file. In this case, not even the hash of the password need be stored.
Contrary to the impression you may have from popular entertainment, even minimally secure files are locked tight enough to frustrate a casual attacker.
I understand now who is stupid and who is not. Guys, if any of you feel bad due to my behaviour, then I am so sorry for that; I will not try to do that again.
Pretty stupid people are on dreamincode; no one knows where passwords are stored in MS Windows.
Passwords are stored in the SAM file on Windows. Try to search for it, then you will know what exactly it is.
Firstly, there is no need to be so aggressive. Secondly, you can only find the SAM file, IIRC, if you are running a Linux live CD to be able to browse to that directory and copy the SAM and SYSTEM files used for SAM extraction.
There are plenty of tutorials about this (dubious) topic, see IronGeek for more information.