X-Spam-Check-By: sourceware.org
Date: Tue, 6 Dec 2005 14:45:22 -0500
From: Christopher Faylor <cgf-no-personal-reply-please AT cygwin DOT com>
To: cygwin AT cygwin DOT com
Subject: Re: encoding scripts (so that user can't see passwords easily)?
Message-ID: <20051206194522.GA8750@trixie.casa.cgf.cx>
Reply-To: cygwin AT cygwin DOT com
References: <4392D119 DOT 7080409 AT wpkg DOT org> <20051204173646 DOT GA28855 AT trixie DOT casa DOT cgf DOT cx> <deca9ec80512042242h44317cexf2878291acddcc8a AT mail DOT gmail DOT com> <7ff9c2a10512060949l72e9693bv251e0d46c36ea0e0 AT mail DOT gmail DOT com> <4395E827 DOT 4070804 AT wpkg DOT org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <4395E827.4070804@wpkg.org>
User-Agent: Mutt/1.5.11
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
Precedence: bulk
List-Unsubscribe: <mailto:cygwin-unsubscribe-archive-cygwin=delorie DOT com AT cygwin DOT com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com

On Tue, Dec 06, 2005 at 08:36:07PM +0100, Tomasz Chmielewski wrote:
>Svend Sorensen schrieb:
>>On 12/4/05, nidhog <nidhog AT gmail DOT com> wrote:
>>
>>>On 12/4/05, Christopher Faylor <cgf-no-personal-reply-please AT cygwin DOT com> 
>>>wrote:
>>>
>>>>On Sun, Dec 04, 2005 at 12:20:57PM +0100, Tomasz Chmielewski wrote:
>>>>
>>>>>I have a little open-source project, which eases Windows administration
>>>>>a bit.
>>>>>
>>>>>In some of the scripts, I use usernames and passwords (to get to a
>>>>>password-protected network share etc.).
>>>>>Because they are scripts, username and password is in plain.
>>>>>
>>>>>Although the script files are only readable by SYSTEM and
>>>>>Administrators, if a disk is stolen, someone could easily get the
>>>>>passwords by doing simple "grep -r password ./*".
>>>>>
>>>>>Do you know some tool which could "encode" scripts?
>>>
>>>instead of storing them plaintext, why don't you try encoding them via
>>>cryptographic hashes - md5, sha1, tiger and the like.
>>
>>
>>How is the script going to get the plaintext password if all it has is
>>a one way hash?
>
>I don't really care, perhaps it won't be any one way hash anyway.
>
>It is to be a measure to prevent an accidental viewing of 
>usernames/passwords rather than some "military grade" tool which takes 
>100 years to break on a supercomputer.

So, in that case, someone has already made a suggestion:

http://cygwin.com/ml/cygwin/2005-12/msg00181.html

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/