Hello
I usually open .lrp files with Winzip81 in Windows 98, renaming them to *.tgz, except initrd.lrp, that can't be opened. I would like to protect the password file of etc.lrp from been cracked with Brute Force crackers like John The Ripper. Is there a way for backing up the .lrp files, so they cannot be opened (as initrd.lrp), except from inside the Bering box, and of course knowing the root password?
It is very difficult to protect a system against someone who has physical access to it. Even the "bigshots" like Microsoft get this wrong (witness the XBox boot code).
The Catch-22 is in your question above <rephrased>:
How do you protect the password file from being read by anyone who doesn't have the password?
Well, if you're keeping data out of the hands of someone with physical access, the system itself doesn't have the password, so it can't access the password file, so it can't know what the password is...catch-22.
About the only thing I can think of that might satisfy your request is the encryption of etc.lrp, with the encorperation of an appropriate decrypting routine into the initial ramdisk startup script.
This would require you to be present at system boot to enter the password (so the packages could be decrypted and installed), but would prevent anyone from being able to get at your passwords quite as easily, but there are still lots of ways around this for someone with physical access to the machine, they're just harder than extracting a zip file.
-- Charles Steinkuehler [EMAIL PROTECTED]
------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
