Re: [Assp-user] webAdminPassword encrypted

2008-01-14 Thread Roberto Berto
Hello Jason, MD5 (32 bits) or SHA1 (64 bits) is better than plaintext. Implementation of a simple hash to store a password takes only a little time. The best to do is both things. On Jan 14, 2008 6:35 PM, Jason Pruim <[EMAIL PROTECTED]> wrote: > Once you know the hash though, it's a simple matter

Re: [Assp-user] webAdminPassword encrypted

2008-01-14 Thread Jason Pruim
Once you know the hash though, it's a simple matter from what I've heard to decrypt it with a brute force attack setup on your server. Sure it takes a little effort, but it is possible. Even if you use all kinds of mixed case, different characters, punctuation, etc. to create the hash, with

Re: [Assp-user] webAdminPassword encrypted

2008-01-14 Thread Roberto Berto
Someone can get read access to assp.cfg without write. Default umask is 022, which means files are created with 0644, so by default they can read, not write. MD5 hash will help to protect sysadmins who did not check their permissions. I know it is easier to chmod 0600 assp.cfg, but my opinion is to

Re: [Assp-user] webAdminPassword encrypted

2008-01-14 Thread Kevin
Roberto Berto wrote: > On Jan 14, 2008 3:00 PM, GrayHat <[EMAIL PROTECTED]> wrote: > >>> webAdminEncryptedPassword >> it's a nonsense; imVHo it would just suffice to use MD5 to generate >> a hash of the admin password and store the hash inside the config >> file in place of the plain text pwd; at

Re: [Assp-user] webAdminPassword encrypted

2008-01-14 Thread Roberto Berto
On Jan 14, 2008 3:00 PM, GrayHat <[EMAIL PROTECTED]> wrote: > > webAdminEncryptedPassword > > it's a nonsense; imVHo it would just suffice to use MD5 to generate > a hash of the admin password and store the hash inside the config > file in place of the plain text pwd; at any rate, if someone will

Re: [Assp-user] webAdminPassword encrypted

2008-01-14 Thread GrayHat
> webAdminEncryptedPassword it's a nonsense; imVHo it would just suffice to use MD5 to generate a hash of the admin password and store the hash inside the config file in place of the plain text pwd; at any rate, if someone will be able to read your cfg file, then I suspect you'll have bigger prob

[Assp-user] webAdminPassword encrypted

2008-01-13 Thread Roberto Berto
Hello, What about creating two new parameters in assp.cfg? webAdminEncryptedPassword: if not null, will skip webAdminPassword and will use webAdminEncryptedPassword as password. Encryption can be MD5, for example webAdminUsername: for changing the default admin username -