?
Solved

Lotus Notes password encyption algorithm

Posted on 2003-02-20
12
Medium Priority
?
1,251 Views
Last Modified: 2013-12-18
Hi,
i am looking for Lotus Notes password encyption algorithm. Does anyone has it?

Thanks,
Koray.

My aim is : In a .Net web site the user enters his password, i have to encrypt it and compare it to the encrypted password of the user in the Notes Address Book.
0
Comment
Question by:koray_uygun
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 2
  • +2
12 Comments
 
LVL 9

Accepted Solution

by:
Arunkumar earned 200 total points
ID: 7986616
haa haa haa !!! If you can do it then Lotus Notes is out of the market...

:-)
Arun.
0
 
LVL 13

Expert Comment

by:CRAK
ID: 7986637
....and with Notes out of the market, we'd be unemployed, right Arun?
0
 
LVL 3

Expert Comment

by:Gunsen
ID: 7986771
Why dont you try doing a LDAP bind to the domino-server, with users .net password (in cleartext) and see if it fails...?
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
LVL 9

Expert Comment

by:Arunkumar
ID: 7987093
Right CRAK !
0
 
LVL 63

Expert Comment

by:Zvonko
ID: 7988406
Hello Koray,

let the guys laugh.

Do it simply by pushing the password entered by web user trough @Password function and compare then to the InternetPassword field in users Person document.

Like this:

PwdEntered = Evaluate(|@Password("| & doc.OldPassword(0) & |")|)

if (PwdEnetered = PersDoc.InternetPassword(0)) then
...

0
 

Author Comment

by:koray_uygun
ID: 8023932
Sorry Zvonko, but i cannot use @password because the user will enter his password in a .Net web site. Anyway Arunkumar i don't see why Lotus's encryption algorithm is confidential because anyway an encrypted password cannot be decrypted because, for exemple, if an "a" is transformed in an "e" and also is an "r", it is impossible. But if you all don't have this algorithm, no one else will ;-)
0
 
LVL 63

Expert Comment

by:Zvonko
ID: 8025009
You did not see what I mean.
Let us say your web user enters the password in a web page into field named OldPassword and submit to Domino.
Then does the WebQuerySave agent or another action or button agent check for the correct password.
The password encryption is only one-way process. One-way mean you can only encrypt a password and compare with an already encrypted. You never can decrypt a encrypted password to its original form.
But even this encryption algorithm is secret for Notes passwords. I have seen companies telling you sell you a exe which can do the same so you can do this decryption with a brute force method and compare every computed encryption with the resulting encryption. For a eight character password allowing reduced character set you need several days to find a match.
So you can say: it is NOT possible.

0
 
LVL 9

Expert Comment

by:Arunkumar
ID: 8025041
Points to ME bro !

:-)
0
 
LVL 3

Expert Comment

by:Gunsen
ID: 8025094
A compare is not possible.

But as i said, a LDAP logon (bind) to the domino-server should still be able to verify the password !

Set OpenDS = GetObject("LDAP:")
Set x = OpenDS.OpenDSObject("LDAP://" & UaserName & "/o=" & Organisation, CurrentPassword, 0)
0
 
LVL 3

Expert Comment

by:Gunsen
ID: 8025104
Sorry:
Set OpenDS = GetObject("LDAP://" & Server)
Set x = OpenDS.OpenDSObject("LDAP://cn=" & UserName & "/o=" & Organisation, CurrentPassword, 0)
0
 

Author Comment

by:koray_uygun
ID: 8025196
I'll make myself more clear. There was a Domino web site where users had to login with their login and internet password. We want to migrate to .Net but dont want the users to reenter their passwors in the new platform, we want to take their encrypted password from the PAB and put them in a relational database. Then we want to get rid of Lotus Notes. If it was possible to have the encryption algorithm we could compare the entered password to the encrypted one using the algorithm.
So i think Arunkumar will get the points if someone has to get them.

Thank you all for your help.
0
 
LVL 9

Expert Comment

by:Arunkumar
ID: 8025350
No problem Koray ! I would love to bag these kinda points though...

:-)
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

IBM Notes offer Encryption feature using which the user can secure its NSF emails or entire database easily. In this section we will discuss about the process to Encrypt Incoming and Outgoing Mails in depth.
Article by: Rob
Notes 8.5 Archiving Steps and Tips This article covers setting up a Notes archive, and helps understand some of the menu choices making setting up and maintaining a Notes archive file easier.
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…
In this video, Percona Director of Solution Engineering Jon Tobin discusses the function and features of Percona Server for MongoDB. How Percona can help Percona can help you determine if Percona Server for MongoDB is the right solution for …
Suggested Courses

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question