One way encryption

alizaman
ServiceNow Employee

How one way encryption works in the system.

I have set the password field to one way encryption, but could still decrypt it back to plain text.

Using the GlideEncrypter();

Encrypt:

var kryp = new GlideEncrypter();

var krypPas = kryp.encrypt(user_password);

gr.u_password_array = krypPas; // save password to one-way password field on table

OR

There is a Pwd Change - Local ServiceNow workflow which uses another method, which stores the password in the user table, where the password cannot be decrypted back to plain text.

But what if I want to save passwords in a table/field other than the user table? Very little information on the user.authenticate method is available for it to be used somewhere else.

var enc = new GlideEncrypter();

var decryptedOldPassword = '' + enc.decrypt(workflow.inputs.u_old_password);

var authed = user.authenticate(userName, decryptedOldPassword);

Thanks

Ali

15 REPLIES

Joe McCarty1
ServiceNow Employee

One way encryption is really a one way hash. The user_password by design is a one-way hash and the underlying password cannot be recovered. The system hashes passwords when logging in and compares the hashed values. There are 2 way password types for that use case, but that's usually reserved for passwords that need to be presented as credentials to another system.


This blog post explains the difference pretty well:



https://garrettnow.com/2016/03/10/bite-16-password-vs-password2/



JarodM


Hi Joe/Jarod,



Issue is that even using the Password (1 way encryption), I am still able to decrypt the password back to plain text.


The requirement is that we store the last 10 passwords from the user and encrypt them (1 way), and then when the user resets the password, we make sure it's not using the last 10 passwords; hence we want to store them in a new field, which we did, but we can decrypt it back to plain text.


The OOTB workflow successfully encrypts it 1 way, but it only works for sys_user; because of the custom requirement (last 10 passwords), we need to get it working against a different table/field.



thanks
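
Added example, not part of the original thread and not ServiceNow platform code: a stand-alone Node.js sketch of the "last 10 passwords" check built on one-way hashes, where a candidate is re-hashed with each stored salt and the hashes are compared, as described in the reply above. The use of scrypt, the "saltHex:hashHex" storage format and all function names are assumptions made for illustration; the thread does not say which algorithm the platform uses.

```javascript
// Added example: stand-alone Node.js, not ServiceNow platform code.
const crypto = require("crypto");

const HISTORY_LIMIT = 10; // "last 10 passwords" requirement from the thread

// One-way: salted scrypt hash stored as "saltHex:hashHex". No decrypt exists.
function hashPassword(password, salt = crypto.randomBytes(16)) {
  const hash = crypto.scryptSync(password, salt, 32);
  return salt.toString("hex") + ":" + hash.toString("hex");
}

// Re-hash the candidate with the stored salt, then compare in constant time.
function matches(password, stored) {
  const [saltHex, hashHex] = stored.split(":");
  const expected = Buffer.from(hashHex, "hex");
  const salt = Buffer.from(saltHex, "hex");
  const actual = crypto.scryptSync(password, salt, expected.length);
  return crypto.timingSafeEqual(actual, expected);
}

// True if the candidate equals any remembered password. Every entry is
// checked (no early exit) so timing does not reveal which one matched.
function isReused(candidate, history) {
  let reused = false;
  for (const stored of history) {
    if (matches(candidate, stored)) reused = true;
  }
  return reused;
}

// Reject a reused password; otherwise append its hash and keep the newest `limit`.
function recordPassword(candidate, history, limit = HISTORY_LIMIT) {
  if (isReused(candidate, history)) return { accepted: false, history };
  const updated = [...history, hashPassword(candidate)].slice(-limit);
  return { accepted: true, history: updated };
}

// Constructed sample run with a limit of 3 to keep it quick.
function demo() {
  let history = [];
  for (const pw of ["Constructed-1", "Constructed-2", "Constructed-3", "Constructed-4"]) {
    history = recordPassword(pw, history, 3).history;
  }
  return {
    stored: history.length,                                               // 3
    recentAccepted: recordPassword("Constructed-4", history, 3).accepted, // false
    oldestAccepted: recordPassword("Constructed-1", history, 3).accepted, // true
  };
}
console.log(demo());
```

Because each entry carries its own random salt, two stored hashes of the same password differ, so the history field never needs to be decrypted to run the reuse check.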


Hi Joe,

Do you know which script is used to hash the password field in SN?

I need to populate a user_password field in the sys_user table but I'm not able to hash it. Could you help me?

Thanks in advance

NT