One way encryption

alizaman
ServiceNow Employee

How one way encryption works in the system.

I have set the password field to one way encryption, but could still decrypt it back to plain text.

Using the GlideEncrypter();

Encrypt:

var kryp = new GlideEncrypter();
var krypPas = kryp.encrypt(user_password);
gr.u_password_array = krypPas; // save password to one-way password field on table

OR

There is a Pwd Change - Local ServiceNow workflow which uses another method which stores password in the user table, where password cannot be decrypted back to plain text.

But what if I want to save passwords in a table/field other than the user table? Very little information is available on the user.authenticate method for it to be used somewhere else.

var enc = new GlideEncrypter();
var decryptedOldPassword = '' + enc.decrypt(workflow.inputs.u_old_password);
var authed = user.authenticate(userName, decryptedOldPassword);

Thanks

Ali


To set a password, you need to use setDisplayValue...see the below post

https://community.servicenow.com/community?id=community_question&sys_id=181d4b69db9cdbc01dcaf3231f9619ed

In a scoped app you may need to get the GlideElement object first but the post shares the details.

Hi Joe,

what a speedy answer 🙂

It is what I was searching for.

Thank you very much

NT

Joe McCarty1
ServiceNow Employee

Can you share a screenshot of the dictionary form of your custom password field?


Hi Joe, this is the field; I can decrypt the value back to plain text.



Screen Shot 2017-03-28 at 9.46.30 PM.JPG


My best guess is that the behavior is an artifact of the use of GlideEncrypter which should be unnecessary with a one way hashed field. I believe it is bypassing the hashing because it recognizes it as an encrypted value. Try doing this instead and I think you won't be able to recover the value:



var gr = new GlideRecord('sys_user');
gr.get('user_name','employee');
// Set the clear-text value with setDisplayValue instead of GlideEncrypter
gr.u_custom_password.setDisplayValue('clear_text');
gr.update();

// Print the value now stored in the field
gs.print('Verifying hash...' + gr.u_custom_password);

// Attempt to decrypt
var kryp = new GlideEncrypter();
var krypPas = kryp.decrypt(gr.u_custom_password);
gs.print('After Decrypt attempt...' + krypPas);
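
An added example, not part of the thread and not ServiceNow code: it contrasts a reversible encrypted value with a one-way stored value, using Node.js `crypto` as a stand-in. The function names and the `scrypt$salt$digest` storage format are assumptions made for illustration; the point is that a one-way value is checked by re-hashing the candidate password, never by decrypting.

```javascript
// Added example (Node.js stand-in, not ServiceNow APIs). All names are hypothetical.
const nodeCrypto = require('node:crypto');

// Reversible: anyone holding the key can recover the plain text.
function encryptReversible(plain, key) {
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(plain, 'utf8'), cipher.final()]);
  return [iv, cipher.getAuthTag(), ct].map((b) => b.toString('base64')).join('.');
}

function decryptReversible(stored, key) {
  const [iv, tag, ct] = stored.split('.').map((s) => Buffer.from(s, 'base64'));
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, iv);
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(ct), decipher.final()]).toString('utf8');
}

// One-way: a salted scrypt digest is stored; there is no decrypt counterpart.
function hashOneWay(plain) {
  const salt = nodeCrypto.randomBytes(16);
  const digest = nodeCrypto.scryptSync(plain, salt, 32);
  return ['scrypt', salt.toString('base64'), digest.toString('base64')].join('$');
}

// Verification re-hashes the candidate with the stored salt and compares digests.
function verifyOneWay(candidate, stored) {
  const parts = String(stored).split('$');
  if (parts.length !== 3 || parts[0] !== 'scrypt') return false; // malformed value
  const salt = Buffer.from(parts[1], 'base64');
  const expected = Buffer.from(parts[2], 'base64');
  if (expected.length !== 32) return false; // truncated or corrupted digest
  const actual = nodeCrypto.scryptSync(candidate, salt, expected.length);
  return nodeCrypto.timingSafeEqual(actual, expected); // constant-time compare
}

// Constructed sample values, reusing the 'clear_text' string from the post above.
const demoKey = nodeCrypto.randomBytes(32);
const demoEncrypted = encryptReversible('clear_text', demoKey);
const demoHashed = hashOneWay('clear_text');
console.log('reversible ->', decryptReversible(demoEncrypted, demoKey));
console.log('one-way    ->', demoHashed, verifyOneWay('clear_text', demoHashed));
```

Storing a password in a custom table this way means the comparison function, not a decrypt call, is what the change-password logic has to invoke.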