
WinAPI - Return hash instead of actual password



Add ability to return a hash of your choice (MACTripleDES/MD5/RIPEMD160/SHA1/SHA256/SHA384/SHA512) of the password generated instead of the actual clear-text password.

 

Scenario:

Create a password for an account with which the tech only needs to know the SHA256 value of the password.

# PowerShell Request

#JSON data for the object
$jsonData = '
{
    "PasswordListID":"7331",
    "Title":"Web service account",
    "UserName":"account_[service]_123",
    "GeneratePassword":"True",
    "GenerateHash":"True",
    "Algorithm":"SHA256"
}
'

$PasswordstateUrl = 'https://passwordstate/winapi/passwords/'
$result = Invoke-RestMethod -Method Post -Uri $PasswordstateUrl -ContentType "application/json" -Body $jsonData -UseDefaultCredentials

# Response

HTTP/1.1 200
[
    {
        "PasswordID": 1337,
        ...
        "Password": "5DB1FEE4B5703808C48078A76768B155B421B210C0761CD6A5D223F4D99F1EAA",
        ...
    }
]

Benefits:

If the person creating a password doesn't need to know the password but a system needs to know its hash, the benefit of not sending the password in the response but the specific hash would be a lot more beneficial, and it's always nice to minimize the exposure of clear-text passwords.


Hi Christopher,

 

We've looked into this, and it looks like it should be fairly easy to implement, as they are part of Microsoft's System.Security.Cryptography assembly. Some of the older algorithms like MD5 and SHA1 are not recommended, as they are obsolete and insecure, but we can include them in case you need them for any legacy systems.

We'll need to provide a URL parameter so you can specify if you want a hash returned, instead of the password value.

 

Regards

Click Studios


Thanks Christopher. We finished this work yesterday, and it will be available in the next build. The supported hash types will be:

 

HMAC
HMACMD5
HMACSHA1
HMACSHA256
HMACSHA384
HMACSHA512
MACTripleDES
MD5
RIPEMD160
SHA1
SHA256
SHA384
SHA512

 

Regards

Click Studios
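
The consuming side of the SHA256 scenario in this thread, as an added example that is not part of the original posts and is not Click Studios code: a system that holds only the returned hash checks a presented password against it. Assumptions: the hash is taken over the UTF-8 bytes of the password and is upper-case hex as in the sample response; the function names and sample password are hypothetical; the keyed types (HMAC*, MACTripleDES) are left out because the thread does not say which key they use.

```powershell
# Added example. Assumption: the API hashes the UTF-8 bytes of the password;
# pass a different -Encoding if the server turns out to use another one.
function Get-PasswordHashHex {
    param(
        [Parameter(Mandatory)] [string] $Password,
        [ValidateSet('MD5', 'SHA1', 'SHA256', 'SHA384', 'SHA512')]
        [string] $Algorithm = 'SHA256',
        [System.Text.Encoding] $Encoding = [System.Text.Encoding]::UTF8
    )
    # Unkeyed algorithms from the supported list only.
    $hasher = switch ($Algorithm) {
        'MD5'    { [System.Security.Cryptography.MD5]::Create() }
        'SHA1'   { [System.Security.Cryptography.SHA1]::Create() }
        'SHA256' { [System.Security.Cryptography.SHA256]::Create() }
        'SHA384' { [System.Security.Cryptography.SHA384]::Create() }
        'SHA512' { [System.Security.Cryptography.SHA512]::Create() }
    }
    try {
        $digest = $hasher.ComputeHash($Encoding.GetBytes($Password))
        # Upper-case hex without separators, the format shown in the sample response.
        return [System.BitConverter]::ToString($digest) -replace '-', ''
    }
    finally {
        $hasher.Dispose()
    }
}

function Test-HashEqual {
    param(
        [Parameter(Mandatory)] [string] $Expected,
        [Parameter(Mandatory)] [string] $Actual
    )
    $a = $Expected.ToUpperInvariant()
    $b = $Actual.ToUpperInvariant()
    if ($a.Length -ne $b.Length) { return $false }
    # Walk every character so the time taken does not reveal where the values differ.
    $diff = 0
    for ($i = 0; $i -lt $a.Length; $i++) {
        $diff = $diff -bor ([int]$a[$i] -bxor [int]$b[$i])
    }
    return ($diff -eq 0)
}

# Constructed sample: $stored stands in for the "Password" field of the API response.
$stored = Get-PasswordHashHex -Password 'Constructed-Sample-Pass1!'
Test-HashEqual -Expected $stored -Actual (Get-PasswordHashHex -Password 'Constructed-Sample-Pass1!')
Test-HashEqual -Expected $stored -Actual (Get-PasswordHashHex -Password 'some-other-value')
```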


Archived

This topic is now archived and is closed to further replies.
