On Mon, 2007-01-01 at 07:43 -0800, Ryan Roth wrote:
> I can change it if that is what people want. I personally like not
> having blatant visible usernames or passwords in plain text files.

The model from the beginning of time has always been that usernames are not secret. I think changing that for the sake of being clever is probably a bad idea. I think in the best case you won't be helping security, and in the worst case would be hurting it.

Everybody knows usernames are stored in the clear. If you're worried that your username leaks something personal, choose a different username.

> When comparing given password to stored password how do you use the same
> salt if it is random? Or is at random salt for that machine?

The salt is stored along with the crypted output:

[EMAIL PROTECTED] ~]$ python -c 'from crypt import crypt; print crypt("mypass", "$1$somesalt$")'
$1$somesalt$YNyB7foQZZvxHOICTr52H.

(somesalt could be derived from /dev/urandom.)

So when you want to compare user input, you parse the salt from the front of the stored password hash, and feed that back into crypt() with the user-supplied password and see if the results match.

Cheers,
Jason.

_______________________________________________
Freevo-users mailing list
Freevo-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/freevo-users
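
The comparison described in the message above, as an added example that is not part of the original post or of Freevo's code: the salt is parsed back out of the stored string and the candidate password is re-hashed with it. It assumes PBKDF2-HMAC-SHA256 from `hashlib` in place of `crypt()` with `$1$` (MD5), and the `$demo-pbkdf2-sha256$` field layout, the iteration count and the function names are constructed for illustration.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

SCHEME = "demo-pbkdf2-sha256"  # constructed label, not a standard crypt(3) id
ITERATIONS = 200_000           # assumed work factor for this example


def _b64(raw: bytes) -> str:
    return base64.b64encode(raw).decode("ascii")


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Return '$scheme$iterations$salt$digest'; salt is random unless given."""
    if salt is None:
        salt = os.urandom(16)  # fresh per-password salt from the OS CSPRNG
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"${SCHEME}${iterations}${_b64(salt)}${_b64(digest)}"


def verify_password(candidate: str, stored: str) -> bool:
    """Parse salt and parameters from the stored string, re-hash, compare."""
    try:
        # base64 never contains '$', so the separator is unambiguous.
        empty, scheme, iterations, salt_b64, _digest = stored.split("$")
        if empty != "" or scheme != SCHEME:
            return False
        salt = base64.b64decode(salt_b64, validate=True)
        recomputed = hash_password(candidate, salt, int(iterations))
    except (ValueError, OverflowError):
        # Wrong field count, bad base64, or an unusable iteration count.
        return False
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(recomputed.encode(), stored.encode())
```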