On Tue, 6 Dec 2005, Tomasz Chmielewski wrote:
> Wayne Willcox schrieb:
>
> > On Tue, Dec 06, 2005 at 02:58:15PM -0500, Jim Drash wrote:
> >
> > > Don't put the user names or passwords in the script put them in a file
> > > only readable by SYSTEM
>
> > that would not solve the requirement of protecting the passwords
> > if the disk was stolen. The scripts are supposedly already
> > readable by system and admin only.
> >
>
> That's exactly what I mean (they are already readable by SYSTEM and admins
> only).
>
> If the disk is stolen, it would add some extra time before the password is
> compromised.
>
> Someone gave a clue here:
>
> http://cygwin.com/ml/cygwin/2005-12/msg00181.html
>
> "instead of storing them plaintext, why don't you try encoding them via
> cryptographic hashes - md5, sha1, tiger and the like."
>
> But I don't really know where to start (which tool should I use for it?)
Umm, "crypt"? As in
stored_password=42wlq4L2SDUdw
echo -n "Enter your password: "; stty -echo; read password; stty echo
if [ x"`crypt 42 "$password"`" = x"$stored_password" ]; then
echo "Access granted"
else
echo "Invalid password"
fi
(the '42' above is the "salt" -- see "man crypt").
HTH,
Igor
--
http://cs.nyu.edu/~pechtcha/
|\ _,,,---,,_ [EMAIL PROTECTED]
ZZZzz /,`.-'`' -. ;-;;,_ [EMAIL PROTECTED]
|,4- ) )-,_. ,\ ( `'-' Igor Pechtchanski, Ph.D.
'---''(_/--' `-'\_) fL a.k.a JaguaR-R-R-r-r-r-.-.-. Meow!
If there's any real truth it's that the entire multidimensional infinity
of the Universe is almost certainly being run by a bunch of maniacs. /DA
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Problem reports: http://cygwin.com/problems.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
