Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Is password hashed?

Posted on 2006-11-08
5
Medium Priority
?
318 Views
Last Modified: 2013-12-04
If I have all access turned off on a virtual directory except Windows Integrated Security, and I programatiacally connect to the directory over the internet using vb.net (HTTPWEBREQUEST/RESPONSE methods),  will the password be hashed before it is sent over the network???  I know that typically it would be, but I am asking because I am doing this from a custom vb app. on a mobile device (running WinMobile5), not an ie browser on a pc.

It seems like it should get hashed somehow, but I'm wondering how it happens.  Does the OS handle the hashing, or do I need to add something to my app?
0
Comment
Question by:moreOncoding
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 24

Expert Comment

by:SunBow
ID: 17900470
Try it? I agree that "It seems like it should get hashed somehow", but there are reports of various insecurities built into the access  for mobile. More is better, if you can add something like another layer, where you have a footprint at both ends.
0
 
LVL 24

Expert Comment

by:SunBow
ID: 17900542
Researchers Criticize Security of Windows Mobile  
By  Matt Hines
October 26, 2006  
http://www.eweek.com/article2/0,1895,2040754,00.asp?kc=EWWMUEMNL110206EOAD


According to the latest report published by J. Gold Associates, a Northborough, Mass.-based wireless research firm, Microsoft's decision not to offer file encryption capabilities on its Windows Mobile platform reflects poorly on the technology compared to other popular wireless systems.

Unlike the push e-mail systems offered by rival mobile software makers including Good Technology, Research In Motion and Sybase, Microsoft's wireless messaging technology doesn't include data protection beyond simple passwords, researchers said.

The current versions of ActiveSync and AirSync only support specially formatted data sets that meet certain Microsoft data specifications, which means that any transfer of data from Exchange Server to Microsoft's Pocket Outlook must be done in an unencrypted file-state.

A new research report contends that by failing to offer onboard encryption for e-mail files stored on Windows Mobile devices, Microsoft may be putting itself at a competitive disadvantage and leaving users vulnerable to data loss.

Unlike the push e-mail systems offered by rival mobile software makers including Good Technology, Research In Motion and Sybase, Microsoft's wireless messaging technology doesn't include data protection beyond simple passwords, researchers said.
0
 
LVL 24

Accepted Solution

by:
SunBow earned 1500 total points
ID: 17900584
For what the quote and remainder of article say - and do not say - I suggest you won't have to worry about their using clear text, the complaints are about encryption 'after' use of passwords.
0
 

Author Comment

by:moreOncoding
ID: 17906420
SunBow,

Regarding your first comment, how would I see if it were hashed or not?  I've run some tests and was able to connect, but had no way of seeing how the password was sent.  Is there some kind of log that I can look at?
0
 

Author Comment

by:moreOncoding
ID: 17979460
Since I've worked on this for some time without finding an answer, and since I do need to tell the people who gave me this assignment whether the password is hashed, I will increase to 500.
0

Featured Post

Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

No security measures warrant 100% as a "silver bullet". The truth is we also cannot assume anything but a defensive and vigilance posture. Adopt no trust by default and reveal in assumption. Only assume anonymity or invisibility in the reverse. Safe…
Article by: btan
The intent is not to repeat what many has know about Ransomware but more to join its dots of what is it, who are the victims, why it exists, when and how we respond on infection. Lastly, sum up in a glance to share such information with more to help…
This tutorial will teach you the special effect of super speed similar to the fictional character Wally West aka "The Flash" After Shake : http://www.videocopilot.net/presets/after_shake/ All lightning effects with instructions : http://www.mediaf…
Visualize your data even better in Access queries. Given a date and a value, this lesson shows how to compare that value with the previous value, calculate the difference, and display a circle if the value is the same, an up triangle if it increased…
Suggested Courses

715 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question