Windows and Linux password

  • dumparun
    New Member
    • Feb 2007
    • 26

    #16
    Originally posted by sicarie
    > Or you could figure out how to use the same PGP key for decryption on both (probably by using the same PGP key to encrypt, but I'm not sure).

    I think what he wants to do is to use a symmetric algorithm like AES or DES for encryption/decryption.
    Now what he wants is the password, which he could convert to a 16-byte key using his own algorithm.
    I think you might have thought about some way to create a 16-byte key from the password.

    But now the problem is that you need the password from the OS, which I am not sure you will be able to get.
    Write a test application to read the file directly to retrieve the hash of the password.
    You are done if you are able to do so. I am not sure you will be getting the password directly using some Win32 API, because then it doesn't serve the purpose.

    What I don't understand is what the HOD, Chem lab, will do to decrypt the files: would he have the list of passwords of all researchers, or would he be calling them all the time?

    Either way, I would prefer them to enter a password for your application, and you can cache that password throughout the application to avoid multiple entries.
    This would be the best way; doing so, you can have your own constraints on the password to make it strong, like alphanumeric characters, minimum 8 chars, etc.

    Comment
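An added example, not part of the original posts: one way to turn an application password into the 16-byte AES key discussed in post #16, with the password constraints suggested there (letters and digits, at least 8 characters). It swaps the home-made conversion for the standard PBKDF2 function in Python's `hashlib`; the function names, header layout and iteration count are assumptions made for the illustration.

```python
import hashlib
import hmac
import os
import struct

ITERATIONS = 600_000   # assumed work factor; tune it to the target hardware
KEY_LEN = 16           # 16 bytes = AES-128 key, the size discussed in the thread
HEADER = struct.Struct(">4sI16s32s")   # magic, iterations, salt, key-check tag


def password_ok(password):
    """Policy suggested in the thread: 8+ characters, letters and digits."""
    return (len(password) >= 8
            and any(c.isalpha() for c in password)
            and any(c.isdigit() for c in password))


def _derive(password, salt, iterations):
    # One 32-byte PBKDF2 block: the first half is the AES key, the second half
    # keys an HMAC tag that detects a wrong password without storing the key.
    material = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                   salt, iterations, 32)
    key, check_key = material[:KEY_LEN], material[KEY_LEN:]
    return key, hmac.new(check_key, b"key-check", hashlib.sha256).digest()


def new_key(password):
    """Return (key, header); the header is stored in clear beside the file."""
    if not password_ok(password):
        raise ValueError("password does not meet the policy")
    salt = os.urandom(16)   # fresh salt: same password, different key per file
    key, tag = _derive(password, salt, ITERATIONS)
    return key, HEADER.pack(b"KDF1", ITERATIONS, salt, tag)


def recover_key(password, header):
    """Re-derive the key from a stored header; raise on a wrong password."""
    magic, iterations, salt, tag = HEADER.unpack(header)
    if magic != b"KDF1" or not 100_000 <= iterations <= 10_000_000:
        raise ValueError("unsupported header")
    key, expected = _derive(password, salt, iterations)
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong password")
    return key
```

The key itself is never written to disk; only the salt, iteration count and check tag are, so the password has to be entered (or cached in memory) each session.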

    • vermarajeev
      New Member
      • Aug 2006
      • 180

      #17
      Hmm, dumparun makes some sense.
      > But now the problem is that you need the password from the OS, which I am not sure you will be able to get.
      Exactly, I want the same and got to know that it is not possible and got to know it would be illegal.
      > Write a test application to read the file directly to retrieve the hash of the password.
      > You are done if you are able to do so.
      Can you be more clear about this??? What password are you talking about???
      > I am not sure you will be getting the password directly using some Win32 API, because then it doesn't serve the purpose.
      I think there has to be some way to do so...
      > What I don't understand is what the HOD, Chem lab, will do to decrypt the files: would he have the list of passwords of all researchers, or would he be calling them all the time?
      Yes, the password has to be different, and each researcher has to set their own password and needs to take care of NOT revealing the password to outsiders, except the one with whom he wants to share the discovery (e.g. drug). This provides more security.
      > Either way, I would prefer them to enter a password for your application, and you can cache that password throughout the application to avoid multiple entries.
      > This would be the best way; doing so, you can have your own constraints on the password to make it strong, like alphanumeric characters, minimum 8 chars, etc.
      In that case there will only be a single private password and, if once disclosed, it would break the entire security, which I don't think is a good idea...

      I think my question is now getting clearer and clearer. Hope to get a proper solution as I've been waiting to get so...

      Thanks,

      Comment

      • AdrianH
        Recognized Expert Top Contributor
        • Feb 2007
        • 1251

        #18
        Hi, I've not read all of this thread, but I would like to ask. Why not ask the user one other time for the password, encrypt it and put it in a file (like a cookie) and have it erased on logout? Or if all you care about is the user logging in, then don't erase that file and the user will never have to enter it again?


        Adrian

        Comment

        • Motoma
          Recognized Expert Specialist
          • Jan 2007
          • 3236

          #19
          Originally posted by vermarajeev
          > I think my question is now getting clearer and clearer. Hope to get a proper solution as I've been waiting to get so...
          I think the solution is clear: the reason there are no security toolkits that work this way is because it is not a good way to handle security. I would suggest looking at enterprise solutions, such as PGP, which allow you to encrypt data and send it in a way that can be read only by the person it was intended for.

          Comment

          • dumparun
            New Member
            • Feb 2007
            • 26

            #20
            Originally posted by vermarajeev
            > Hmm, dumparun makes some sense.
            haaa...
            Finally somebody said that, irrespective of my user name.

            > Can you be more clear about this??? What password are you talking about???
            Well, I was thinking about reading the hash from a file like /etc/shadowpassword or something of that kind, if you have access. I have not done much research.

            > I think there has to be some way to do so...
            There won't be any way to read the password legally, other than hacking it.
            Else it won't solve the purpose of having the password.

            > Yes, the password has to be different, and each researcher has to set their own password and needs to take care of NOT revealing the password to outsiders, except the one with whom he wants to share the discovery (e.g. drug). This provides more security.

            > In that case there will only be a single private password and, if once disclosed, it would break the entire security, which I don't think is a good idea...

            > I think my question is now getting clearer and clearer. Hope to get a proper solution as I've been waiting to get so...

            Now you are talking.
            That was everybody's point here.
            Understand that symmetric algorithms like AES or DES use a single password for encrypting and decrypting,
            so you need to share it across those who need to read it.

            That's why we have asymmetric algorithms like RSA, which is secure and provides non-repudiation.
            In this case, you don't need to share the password.

            Every user of your system would have a key pair, which could be ignited using your own password.
            Now Lab Researcher1, who is doing research, after finding something would encrypt the file using the public key of his recipients, like the HOD or his partner.
            Then he can send it to them through any unsecured channel.

            Only those intended recipients would be able to read it.
            Done.

            Use Bouncy Castle / OpenSSL algorithms for the same.
            That only makes sense for your application.

            Understand one clear and clean concept.
            Usability and Security never co-exist.

            I am done with my dump ideas :P

            Comment
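The scheme described in post #20, as an added example that is not part of the original thread: each user holds an RSA key pair whose private half is stored encrypted under that user's own passphrase, and a file is encrypted once under a random AES-256-GCM key that is then wrapped with each recipient's public key (a hybrid construction, since RSA alone cannot encrypt a whole file). It uses the third-party Python `cryptography` package, assumed to be installed, rather than Bouncy Castle or OpenSSL directly; the function names and message layout are hypothetical.

```python
# Requires the third-party "cryptography" package (assumption: installed).
import os
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

OAEP = padding.OAEP(mgf=padding.MGF1(hashes.SHA256()),
                    algorithm=hashes.SHA256(), label=None)


def make_user(passphrase):
    """Return (public_key, private_pem); the PEM is encrypted under passphrase."""
    priv = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    pem = priv.private_bytes(
        serialization.Encoding.PEM,
        serialization.PrivateFormat.PKCS8,
        serialization.BestAvailableEncryption(passphrase),
    )
    return priv.public_key(), pem


def encrypt_for(recipients, plaintext):
    """Encrypt once with a random file key, then wrap that key per recipient."""
    file_key = AESGCM.generate_key(bit_length=256)
    nonce = os.urandom(12)
    return {
        "nonce": nonce,
        "ciphertext": AESGCM(file_key).encrypt(nonce, plaintext, None),
        # Only public keys are needed here; no password is shared with anyone.
        "wrapped": {name: pub.encrypt(file_key, OAEP)
                    for name, pub in recipients.items()},
    }


def decrypt_as(name, private_pem, passphrase, message):
    """Unlock the private key with the passphrase, unwrap the file key, decrypt."""
    priv = serialization.load_pem_private_key(private_pem, password=passphrase)
    file_key = priv.decrypt(message["wrapped"][name], OAEP)
    # AES-GCM raises InvalidTag if the ciphertext was modified in transit.
    return AESGCM(file_key).decrypt(message["nonce"], message["ciphertext"], None)
```

The resulting message can travel over an unsecured channel; a user who is not in `wrapped`, or who lacks the passphrase for the private key, cannot recover the file key.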

            • ktsun
              New Member
              • Jun 2007
              • 1

              #21
              I found a tool at http://www.boncle.com that encrypts files without sharing a password with the other parties. Is it what you are looking for?

              Comment
