On 12/4/05, nidhog <[EMAIL PROTECTED]> wrote:
> On 12/4/05, Christopher Faylor <[EMAIL PROTECTED]> wrote:
> > On Sun, Dec 04, 2005 at 12:20:57PM +0100, Tomasz Chmielewski wrote:
> > >I have a little open-source project, which eases Windows administration
> > >a bit.
> > >
> > >In some of the scripts, I use usernames and passwords (to get to a
> > >password-protected network share etc.).
> > >Because they are scripts, username and password is in plain.
> > >
> > >Although the script files are only readable by SYSTEM and
> > >Administrators, if a disk is stolen, someone could easily get the
> > >passwords by doing simple "grep -r password ./*".
> > >
> > >Do you know some tool which could "encode" scripts?
>
> instead of storing them plaintext, why don't you try encoding them via
> cryptographic hashes - md5, sha1, tiger and the like.

How is the script going to get the plaintext password if all it has is a one way hash?

> while it's still vulnerable to bruteforce if they get your hashed
> passwords, you can mitigate the risk by requiring longer/more complex
> passwords.
>
> at least it's not as easy as grep'ping for the plaintext password left
> alone naked all out in the open.
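
The objection raised in the reply, as an added example (not code from the thread or from the project it mentions): a one-way digest serves the side that checks a password, not a script that has to present one. `FakeShare`, `script_login` and the sample password are hypothetical, and the share is a simplified model that re-hashes whatever the client sends.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this example


def make_verifier(password: str) -> tuple[bytes, bytes]:
    """Server side: keep a salted one-way digest instead of the password."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


class FakeShare:
    """Hypothetical stand-in for the password-protected share (not a real SMB API)."""

    def __init__(self, user: str, password: str):
        self.user = user
        self.salt, self.digest = make_verifier(password)

    def login(self, user: str, presented: str) -> bool:
        # The server re-hashes whatever the client presents and compares.
        candidate = hashlib.pbkdf2_hmac(
            "sha256", presented.encode(), self.salt, ITERATIONS)
        return user == self.user and hmac.compare_digest(candidate, self.digest)


def script_login(share: FakeShare, user: str, stored_secret: str) -> bool:
    """Client side: the admin script can only send what it has stored."""
    return share.login(user, stored_secret)


def demo() -> dict:
    password = "constructed-example-password"  # constructed sample value
    share = FakeShare("backup", password)
    # What the script would hold if it kept only a SHA-1 of the password.
    sha1_only = hashlib.sha1(password.encode()).hexdigest()
    return {
        "plaintext_in_script": script_login(share, "backup", password),
        "hash_in_script": script_login(share, "backup", sha1_only),
    }


if __name__ == "__main__":
    print(demo())
```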