Mail Archives: cygwin/2005/12/06/12:49:29
On 12/4/05, nidhog <nidhog AT gmail DOT com> wrote:
> On 12/4/05, Christopher Faylor <cgf-no-personal-reply-please AT cygwin DOT com> wrote:
> > On Sun, Dec 04, 2005 at 12:20:57PM +0100, Tomasz Chmielewski wrote:
> > >I have a little open-source project, which eases Windows administration
> > >a bit.
> > >
> > >In some of the scripts, I use usernames and passwords (to get to a
> > >password-protected network share etc.).
> > >Because they are scripts, username and password is in plain.
> > >
> > >Although the script files are only readable by SYSTEM and
> > >Administrators, if a disk is stolen, someone could easily get the
> > >passwords by doing simple "grep -r password ./*".
> > >
> > >Do you know some tool which could "encode" scripts?
>
> instead of storing them plaintext, why don't you try encoding them via
> cryptographic hashes - md5, sha1, tiger and the like.
How is the script going to get the plaintext password if all it has is
a one way hash?
> while it's still vulnerable to bruteforce if they get your hashed
> passwords, you can mitigate the risk by requiring longer/more complex
> passwords.
>
> at least it's not as easy as grep'ping for the plaintext password left
> alone naked all out in the open.
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Problem reports: http://cygwin.com/problems.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
- Raw text -