View Single Post
  #9 (permalink)  
Old November 8th, 2004, 05:35 PM
jeffreyc jeffreyc is offline
Registered User
Join Date: Nov 2004
Location: , , .
Posts: 1
Thanks: 0
Thanked 0 Times in 0 Posts

Hello Phil, If I really need to get password hash of a user from Active Directory, how can I do that. It seems that it is not in user information fetched from AD. Thank you. Jeffrey

quote:Originally posted by pgtips
 Doug, it just ain't that easy I'm afraid. The main stumbling block is that you cannot retrieve any user's Windows password through any means. Think about it, its a hacker's dream if you could write a program to look up a user and get his/her password. Even Windows doesn't know what the actual passwords are because it uses a common cryptographic technique known as "hashing". The closest you could attempt is to find out which hashing algorithm Windows uses, generate the hash yourself from the password input, then compare it to the hash stored by Windows...quite an ask for your first VB program.

Nobody does this sort of thing. A fundamental of the windows user interface is that you only log-on once - how fed-up would you be if every time you opened a program it asked you to provide your password again?

Sorry to be unhelpful, but I think that whoever is asking you to provide this password check needs to re-think exactly what they're trying to achieve by this - and then find a better way to achieve that.