BookmarkSubscribeRSS Feed
🔒 This topic is solved and locked. Need further help from the community? Please sign in and ask a new question.
valium
Calcite | Level 5

Hi guys,

is anybody able to tell me the algorithm SAS uses to hash passwords for internal users?

Here is the picture…

I need to create a tool for automatic user creation. I would use SAS MDU macros, however the users I have to create do need an internal account. This is why I went for the java way: I do create a person, I do create the internalUser, and I finally bind them:

http://support.sas.com/rnd/javadoc/94/metadata/com/sas/metadata/remote/InternalLogin.html

However, internalUser needs a passwordHash set. Obviously , I usually have salt and password, and this is why I’d need to know how to join them in order to get the salted hash. Javadoc doesn’t seem to answer this question.

By checking the metadata through metabrowse facility, it really really looks similar to a base 64 encoding. I already tried base64(salt+hash) and many similar combinations, but it didn’t seem to work. I tried md5 as well, but I’m just guessing. Any clues?

Thank you all

Mike

1 ACCEPTED SOLUTION

Accepted Solutions
valium
Calcite | Level 5

I’d like to say thank you to SAS Italian Support who gave the correct answer.

As long as we do not know the way SAS encrypts passwords, we can use a different interface to do that.

Here you can find the documentation:

http://support.sas.com/documentation/cdl/en/omaref/63063/PDF/default/omaref.pdf

And here it is some sample code:


MdFactoryImpl _factory = new MdFactoryImpl(false);

MdObjectStore objectStore = _factory.createObjectStore();

Person person = (Person) _factory.createComplexMetadataObject(objectStore, "mike", MetadataObjects.PERSON, shortReposID);

/* Won’t work, for we do not know the way SAS will encrypt password */

InternalLogin internalLogin = (InternalLogin) _factory.createComplexMetadataObject(objectStore, "InternalLogin_Object", MetadataObjects.INTERNALLOGIN, shortReposID);

internalLogin.setSalt(salt);

internalLogin.setPasswordHash("?????????????");

person.setInternalLoginInfo(internalLogin);

/*   */

/* This will work instead */

MdOMRConnection connection = _factory.getConnection();

ISecurity_1_1 is = connection.MakeISecurityConnection();

is.SetInternalPassword("mike", "SASpw1");

/*   */


person.updateMetadataAll();

Thank you all.

View solution in original post

4 REPLIES 4
jakarman
Barite | Level 11

looks to be a part of the metadata model (DATA) SAS(R) 9.2 Metadata Model: Reference (InternalLogin )

---->-- ja karman --<-----
valium
Calcite | Level 5

Exactly Jaap,

both salt and passwordHash are attributes of the internalLogin metadata object.

However, when you create a new user, you usually have a name and a password, so you have to calculate the hash.

I assume there is some kind of java utility method to do that. Knowing the procedure would do as well.

If not, there is no way you can create an internalLogin from scratch.

jakarman
Barite | Level 11

The hash is generated with the salt and password. To be able to generate the same hash the salt is needed. 
So the logic would be generate salt- store salt generate hash with password store hash.

Going in the reverse mode you would get the salt   get (trial/input) password   verify hash.

As external logins must be decrypted there is a method to get the original password for those.

Getting in between the external connection in the internal process it should be rather easy to retrieve those.

Until now I have seen them being mixed up within the metadata structure. It could be a way to hack internal login by that way. 

---->-- ja karman --<-----
valium
Calcite | Level 5

I’d like to say thank you to SAS Italian Support who gave the correct answer.

As long as we do not know the way SAS encrypts passwords, we can use a different interface to do that.

Here you can find the documentation:

http://support.sas.com/documentation/cdl/en/omaref/63063/PDF/default/omaref.pdf

And here it is some sample code:


MdFactoryImpl _factory = new MdFactoryImpl(false);

MdObjectStore objectStore = _factory.createObjectStore();

Person person = (Person) _factory.createComplexMetadataObject(objectStore, "mike", MetadataObjects.PERSON, shortReposID);

/* Won’t work, for we do not know the way SAS will encrypt password */

InternalLogin internalLogin = (InternalLogin) _factory.createComplexMetadataObject(objectStore, "InternalLogin_Object", MetadataObjects.INTERNALLOGIN, shortReposID);

internalLogin.setSalt(salt);

internalLogin.setPasswordHash("?????????????");

person.setInternalLoginInfo(internalLogin);

/*   */

/* This will work instead */

MdOMRConnection connection = _factory.getConnection();

ISecurity_1_1 is = connection.MakeISecurityConnection();

is.SetInternalPassword("mike", "SASpw1");

/*   */


person.updateMetadataAll();

Thank you all.

SAS Innovate 2025: Save the Date

 SAS Innovate 2025 is scheduled for May 6-9 in Orlando, FL. Sign up to be first to learn about the agenda and registration!

Save the date!

How to Concatenate Values

Learn how use the CAT functions in SAS to join values from multiple variables into a single value.

Find more tutorials on the SAS Users YouTube channel.

SAS Training: Just a Click Away

 Ready to level-up your skills? Choose your own adventure.

Browse our catalog!

Discussion stats
  • 4 replies
  • 2115 views
  • 1 like
  • 2 in conversation