Vernon D. Cole
2015-01-19 22:30:07 UTC
As an aside to the recent discussion on storing passwords...
Is there a way to (re)set Windows passwords using a pre-computed hash?
I can use win32net.NetUserSetInfo() to reset a password, if I use the plain
text of the password. My goal is to remotely set passwords on an arbitrary
group of Windows computers, without storing the plain text of the
passwords. If I store the hash values, the control system would be much
less insecure than if I store the plain text.
[Explanation: My goal is to add password-setting capability for Windows in
saltstack
<http://docs.saltstack.com/en/latest/ref/states/all/salt.states.user.html#module-salt.states.user>.
It can now be done only in Linux, BSD, and Solaris. Of course I would need
to provide a different hash for Windows. If it worked only on recent
version of Windows that would be okay. ]
Is there a way to (re)set Windows passwords using a pre-computed hash?
I can use win32net.NetUserSetInfo() to reset a password, if I use the plain
text of the password. My goal is to remotely set passwords on an arbitrary
group of Windows computers, without storing the plain text of the
passwords. If I store the hash values, the control system would be much
less insecure than if I store the plain text.
[Explanation: My goal is to add password-setting capability for Windows in
saltstack
<http://docs.saltstack.com/en/latest/ref/states/all/salt.states.user.html#module-salt.states.user>.
It can now be done only in Linux, BSD, and Solaris. Of course I would need
to provide a different hash for Windows. If it worked only on recent
version of Windows that would be okay. ]