2009-01-17 17:46:15

Using Python to decode SAS passwords

One of the SAS-recommended methods for dealing with scripted processes is to use a clear-text password in SAS 9.1. Please don't do that.

The other method promotes security by using an encoded password. Unfortunately, the password can be easily reversed because it uses a trivial encoding mechanism.

Here is an example, using SAS, to generate an encoded password for usage in SAS scripts:

proc PWENCODE in="flummoxedpygmy";
run;

And now, to decode it using Python:

[root@navi ~]# python
Python 2.5.1 (r251:54863, Jun 15 2008, 18:24:56)
[GCC 4.3.0 20080428 (Red Hat 4.3.0-8)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import base64
>>> coded_pwd = "Zmx1bW1veGVkcHlnbXk="
>>> decoded_pwd = base64.b64decode(coded_pwd)
>>> print(decoded_pwd)
flummoxedpygmy

As it stands, the method that SAS uses for password encoding leaves SAS accounts vulnerable to compromise if the script files can be read by users, because anyone who can read a file can reverse the encoding. One-way hashes, with salts, would have provided better security, and would be easy to implement.
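To find where this exposure exists, the following added example (not part of the original post) walks a directory of .sas scripts, flags encoded values that base64-decode to printable text, and reports whether each file is readable by group or others, without ever printing the password. It assumes encoded values carry the `{sas001}` tag that PROC PWENCODE puts in front of the base64 text, which the post does not show; the function names and the sample scripts are constructed for illustration.

```python
import base64, binascii, os, re, stat, tempfile
# Assumption: encoded values carry the "{sas001}" tag (not shown in the post).
TAGGED = re.compile(r"\{sas001\}([A-Za-z0-9+/]+={0,2})", re.IGNORECASE)

def is_reversible(text):
    """True if text base64-decodes to printable ASCII (an encoding, not a hash)."""
    try:
        raw = base64.b64decode(text, validate=True)
    except (binascii.Error, ValueError):
        return False
    return bool(raw) and all(32 <= b < 127 for b in raw)

def audit_file(path):
    """Return [(line_number, readable_by_group_or_others)]; never the password."""
    mode = os.stat(path).st_mode
    exposed = bool(mode & (stat.S_IRGRP | stat.S_IROTH))
    findings = []
    with open(path, encoding="utf-8", errors="replace") as fh:
        for lineno, line in enumerate(fh, 1):
            for match in TAGGED.finditer(line):
                if is_reversible(match.group(1)):
                    findings.append((lineno, exposed))
    return findings

def audit_tree(root):
    """Audit every .sas file under root; return {path: findings} for hits only."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(".sas"):
                path = os.path.join(dirpath, name)
                hits = audit_file(path)
                if hits:
                    report[path] = hits
    return report

def demo():
    """Audit two constructed sample scripts that differ only in file mode."""
    body = "/* constructed sample */\n%let dbpass={sas001}Zmx1bW1veGVkcHlnbXk=;\n"
    with tempfile.TemporaryDirectory() as root:
        for name, mode in (("open.sas", 0o644), ("locked.sas", 0o600)):
            path = os.path.join(root, name)
            with open(path, "w") as fh:
                fh.write(body)
            os.chmod(path, mode)
        return {os.path.basename(p): h for p, h in audit_tree(root).items()}

if __name__ == "__main__":
    print(demo())
```

Files reported with `True` are the ones to fix first: tighten their permissions, then move the credential out of the script.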


James Conner