You could limit the password complexity to a level where you could 
use a brute force attack to crack it in a few (seconds|minutes|hours). 
Of course that means that someone else would be able to as well, but if 
they can get to the encrypted passwords then you're in trouble already.

The password complexity could be lowered by:

* only encrypting the first ? characters of the actual password, storing 
the rest in plain text.
* converting it to all lower case.
* restricting use of non-alphabet characters

- Johnathan


Morbus Iff wrote:

> I have a need to store a user's password in a configuration file:
>
>  - the password should NOT be in plain text.
>  - the password should be decryptable so that we
>    don't have to ask the user each time (as per
>    the common Unix crypt ideal).
>
> Any ideas? There's always the cheap sort of rot13, binary, decimal 
> sort of madness, but I was looking for something a bit more "hard to 
> decipher at a glance". I know the inherent risks with having a 
> decryptable, but I'll take those over the obvious risks of plaintext 
> stored passwords.
>
> Thoughts?
>
>
> -- 
> Morbus Iff ( i am your scary godmother )
> http://www.disobey.com/ && http://www.gamegrene.com/
> please me: http://www.amazon.com/exec/obidos/wishlist/25USVJDH68554
> icq: 2927491 / aim: akaMorbus / yahoo: morbus_iff / jabber.org: morbus