Message-ID: <deca9ec80512042242h44317cexf2878291acddcc8a@mail.gmail.com>
Date: Sun, 4 Dec 2005 22:42:04 -0800
From: nidhog <nidhog@gmail.com>
To: cygwin@cygwin.com
Subject: Re: encoding scripts (so that user can't see passwords easily)?
In-Reply-To: <20051204173646.GA28855@trixie.casa.cgf.cx>
References: <4392D119.7080409@wpkg.org> <20051204173646.GA28855@trixie.casa.cgf.cx>

On 12/4/05, Christopher Faylor <cgf-no-personal-reply-please@cygwin.com> wrote:
> On Sun, Dec 04, 2005 at 12:20:57PM +0100, Tomasz Chmielewski wrote:
> >I have a little open-source project, which eases Windows administration
> >a bit.
> >
> >In some of the scripts, I use usernames and passwords (to get to a
> >password-protected network share etc.).
> >Because they are scripts, the username and password are in plain text.
> >
> >Although the script files are only readable by SYSTEM and
> >Administrators, if a disk is stolen, someone could easily get the
> >passwords by doing a simple "grep -r password ./*".
> >
> >Do you know some tool which could "encode" scripts?

Instead of storing them in plaintext, why don't you try encoding them via
cryptographic hashes: md5, sha1, tiger and the like.

While it's still vulnerable to brute force if they get your hashed
passwords, you can mitigate the risk by requiring longer/more complex
passwords.

At least it's not as easy as grepping for the plaintext password left
alone, naked, all out in the open.


--
/nh
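The hash-based storage the reply proposes, as an added example that is not from the thread: the script keeps only a digest, which lets it verify a password but not recover it. It goes beyond the plain md5/sha1 the reply names by adding a salt and an iteration count, which raise the brute-force cost the reply mentions; the record format and the parameter values are assumptions.

```python
import hashlib
import hmac
import os
from typing import Optional

# Assumed parameters, not values from the thread: a random 16-byte salt and
# an iteration count that makes each guess cost ~200k hash computations.
ITERATIONS = 200_000
SALT_BYTES = 16
ALGO = "pbkdf2_sha256"


def make_record(password: str, salt: Optional[bytes] = None,
                iterations: int = ITERATIONS) -> str:
    """Build a storable record '<algo>$<iterations>$<salt hex>$<digest hex>'.

    The plaintext never appears in the record, so grepping the script for
    the password finds nothing; the record only supports verification.
    """
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 salt, iterations)
    return f"{ALGO}${iterations}${salt.hex()}${digest.hex()}"


def verify(password: str, record: str) -> bool:
    """Recompute the digest from the stored salt and iteration count and
    compare it in constant time, so timing does not leak a partial match."""
    algo, iters, salt_hex, digest_hex = record.split("$")
    if algo != ALGO:
        raise ValueError("unsupported record format")
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                    bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def plaintext_present(record: str, password: str) -> bool:
    """The check 'grep -r password' performs: is the secret literally
    present in the stored text?"""
    return password in record
```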
