How can I generate a password for timeouts after a specific period of time in a batch file?

MD5sum

Batch scripts, since they live in a world of text files, are not very convenient for storing and matching passwords. After all, the person running the script can just as easily open it in Notepad and see the expected password. It's not very raucous, is it?

Periodic passwords come up periodically and hardcoded passwords in scripts always annoy me. So how about, to change, we obfuscate the password with an MD5 hash? There's no simple command built into Windows that makes this possible, but it can be accomplished with a (presumably confusing) PowerShell one-liner.

Save this helper script as md5sum.bat:

@echo off
setlocal

if "%~1"=="" goto :EOF

powershell "[Security.Cryptography.HashAlgorithm]::Create('MD5').ComputeHash([Text.Encoding]::UTF8.GetBytes('%~1')) | %%{write-host -n $_.tostring('x2')}"

      

        
        
        
      

    

Then use it to find the MD5 hash of the password you want:

md5sum.bat "password"

      

        
        
        
      

    

The result outputs

5f4dcc3b5aa765d61d8327deb882cf99

Instead of hardcoding the password itself into your script, you can now hardcode it 5f4dcc3b5aa765d61d8327deb882cf99

.

User record

Now comes the interesting stuff. You can also borrow from Powershell to trick the user record like this:

@echo off
setlocal

<NUL set /P "=Password? "
set "psCommand=powershell -command "$p=read-host -AsSecureString;^
$m=[Runtime.InteropServices.Marshal];$m::PtrToStringAuto($m::SecureStringToBSTR($p))""
for /f "usebackq delims=" %%p in (`%psCommand%`) do set "pass=%%p"

setlocal enabledelayedexpansion
echo You entered !pass!
endlocal

      

        
        
        
      

    

Combine the two and you can check if the password entered by the user matches the hash hardcoded in the script.

@echo off
setlocal

<NUL set /P "=Password? "
set "psCommand=powershell "$p=read-host -AsSecureString;^
$m=[Runtime.InteropServices.Marshal];$x=$m::PtrToStringAuto($m::SecureStringToBSTR($p));^
[Security.Cryptography.HashAlgorithm]::Create('MD5').ComputeHash([Text.Encoding]::UTF8.GetBytes($x)) ^| %%{write-host -n $_.tostring('x2')}""

for /f "usebackq delims=" %%I in (`%psCommand%`) do (
    if "%%~I"=="5f4dcc3b5aa765d61d8327deb882cf99" goto :match
)

echo Nope.
goto :EOF

:match
echo w00!

      

        
        
        
      

    

Voila! You can now expect user input password

, but the user cannot easily see from Notepad that the password

correct password is. Cool, yeah?

Self destruction

Going back to the original question of how you can make this timeout after 10 seconds, you will need to do a bit of work. One solution would be to run a helper script in the background that waits for 10 seconds and then kills all tasks powershell.exe

. It might interfere with other powershell-ish resources you may have, but let's be honest. Given the rudimentary nature of the question, I find it safe to assume that this would not be a problem in this situation.

I would do it like this:

@echo off
setlocal

if "%~1"=="helper" goto helper
start /b "" "%~f0" helper

<NUL set /P "=Password? "
set "psCommand=powershell "$p=read-host -AsSecureString;^
$m=[Runtime.InteropServices.Marshal];$x=$m::PtrToStringAuto($m::SecureStringToBSTR($p));^
[Security.Cryptography.HashAlgorithm]::Create('MD5').ComputeHash([Text.Encoding]::UTF8.GetBytes($x)) ^| %%{write-host -n $_.tostring('x2')}""

for /f "usebackq delims=" %%I in (`%psCommand%`) do (
    waitfor /s %computername% /si PasswordEntered >NUL 2>NUL
    if "%%~I"=="5f4dcc3b5aa765d61d8327deb882cf99" goto :match
)

echo Nope.
goto :EOF

:match
echo w00!
goto :EOF
:: // END MAIN RUNTIME

:helper
>NUL 2>NUL (
    title Enter password.
    waitfor PasswordEntered /t 10 || taskkill /im "powershell.exe" /f
)
exit

      

        
        
        
      

    

If you prefer taskkill

Powershell it is possible to do the read-host timeout , but I'll leave that as an exercise for the reader.