Christopher Posted July 25, 2018 Report Share Posted July 25, 2018 Add ability to return a hash of your choice (MACTripleDES/MD5/RIPEMD160/SHA1/SHA256/SHA384/SHA512) of the password generated instead of the actual clear-text password. Scenario: Create a password for an account with which the tech only needs to know the SHA256 value of the password. # PowerShell Request #JSON data for the object $jsonData = ' { "PasswordListID":"7331", "Title":"Web service account", "UserName":"account_[service]_123", "GeneratePassword":"True", "GenerateHash":"True", "Algorithm":"SHA256" } ' $PasswordstateUrl = 'https://passwordstate/winapi/passwords/' $result = Invoke-Restmethod -Method Post -Uri $PasswordstateUrl -ContentType "application/json" -Body $jsonData -UseDefaultCredentials # Response HTTP/1.1 200 [ { "PasswordID": 1337, ... "Password": "5DB1FEE4B5703808C48078A76768B155B421B210C0761CD6A5D223F4D99F1EAA", ... } ] Benefits: If the person creating a password doesn't need to know the password but a system needs to know it's hash, the benefit of not sending the password in the response but the specific hash would be a lot more beneficial and it's always nice to minimize the exposure of clear-text passwords. Link to comment Share on other sites More sharing options...
support Posted July 27, 2018 Report Share Posted July 27, 2018 Hi Christopher, We've looked into this, and it looks like it should be fairly easy to implement, as they are part of Microsoft's System.Security.Cryptography assembly. Some of the older algorithms like MD5 and SHA1 are not recommended, as they are obsolete and insecure, but we can include them in case you need them for any legacy systems. We'll need to provide a URL parameter so you can specify if you want a hash returned, instead of the password value. Regards Click Studios Link to comment Share on other sites More sharing options...
Christopher Posted July 27, 2018 Author Report Share Posted July 27, 2018 Perfect! Yes sadly there are still systems that are legacy (or even ancient legacy) that would require these otherwise I would gladly see them dissapear as well Appreciate the excellent work you are doing!. Regards Christopher Link to comment Share on other sites More sharing options...
support Posted July 27, 2018 Report Share Posted July 27, 2018 Thanks Christopher. We finished this work yesterday, and it will be available in the next build. The supported Hash types will be HMAC HMACMD5 HMACSHA1 HMACSHA256 HMACSHA384 HMACSHA512 MACTripleDES MD5 RIPEMD160 SHA1 SHA256 SHA384 SHA512 Regards Click Studios Link to comment Share on other sites More sharing options...
Sarge Posted August 8, 2018 Report Share Posted August 8, 2018 This should make scripting even easier then having to re-encrypt via ConvertTo-SecureString. Link to comment Share on other sites More sharing options...
support Posted August 24, 2018 Report Share Posted August 24, 2018 Hello guys, Just letting you know this feature request is now complete, as of build 8449 released today Regards Click Studios Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.