X-Spam-Check-By: sourceware.org
Message-ID: <4395F187.2020908@wpkg.org>
Date: Tue, 06 Dec 2005 21:16:07 +0100
From: Tomasz Chmielewski <mangoo AT wpkg DOT org>
User-Agent: Mozilla Thunderbird 1.0.7-3mdk (X11/20051015)
MIME-Version: 1.0
To: Wayne Willcox <wayne AT reliant DOT immure DOT com>
Cc: cygwin AT cygwin DOT com
Subject: Re: encoding scripts (so that user can't see passwords easily)?
References: <4392D119 DOT 7080409 AT wpkg DOT org> <20051204173646 DOT GA28855 AT trixie DOT casa DOT cgf DOT cx> <deca9ec80512042242h44317cexf2878291acddcc8a AT mail DOT gmail DOT com> <7ff9c2a10512060949l72e9693bv251e0d46c36ea0e0 AT mail DOT gmail DOT com> <4395E827 DOT 4070804 AT wpkg DOT org> <61f6f4390512061158o5a2ef71by6e1a419c8e6499b3 AT mail DOT gmail DOT com> <20051206140214 DOT A4275 AT reliant DOT immure DOT com>
In-Reply-To: <20051206140214.A4275@reliant.immure.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-IsSubscribed: yes
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com

Wayne Willcox schrieb:

> On Tue, Dec 06, 2005 at 02:58:15PM -0500, Jim Drash wrote:
> 
>>Don't put the user names or passwords in the script put them in a file
>>only readable by SYSTEM

 > that would not solve the requirement of protecting the passwords
 > if the disk was stolen.  The scripts are supposedly already
 > readable by system and admin only.
 >

That's exactly what I mean (they are already readable by SYSTEM and 
admins only).

If the disk is stolen, it would add some extra time before the password 
is compromised.

Someone gave a clue here:

http://cygwin.com/ml/cygwin/2005-12/msg00181.html

"instead of storing them plaintext, why don't you try encoding them via
cryptographic hashes - md5, sha1, tiger and the like."

But I don't really know where to start (which tool should I use for it?)


-- 
Tomek
http://wpkg.org
WPKG - software deployment and upgrades with Samba

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/