X-Spam-Check-By: sourceware.org
Message-ID: <4395F92D.15C2A262@dessent.net>
Date: Tue, 06 Dec 2005 12:48:45 -0800
From: Brian Dessent <brian AT dessent DOT net>
MIME-Version: 1.0
To: cygwin AT cygwin DOT com
Subject: Re: encoding scripts (so that user can't see passwords easily)?
References: <4392D119 DOT 7080409 AT wpkg DOT org> <20051204173646 DOT GA28855 AT trixie DOT casa DOT cgf DOT cx> <deca9ec80512042242h44317cexf2878291acddcc8a AT mail DOT gmail DOT com> <7ff9c2a10512060949l72e9693bv251e0d46c36ea0e0 AT mail DOT gmail DOT com> <4395E827 DOT 4070804 AT wpkg DOT org> <61f6f4390512061158o5a2ef71by6e1a419c8e6499b3 AT mail DOT gmail DOT com> <20051206140214 DOT A4275 AT reliant DOT immure DOT com> <4395F187 DOT 2020908 AT wpkg DOT org>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-IsSubscribed: yes
Reply-To: cygwin AT cygwin DOT com
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com

Tomasz Chmielewski wrote:

> That's exactly what I mean (they are already readable by SYSTEM and
> admins only).
> 
> If the disk is stolen, it would add some extra time before the password
> is compromised.
> 
> Someone gave a clue here:
> 
> http://cygwin.com/ml/cygwin/2005-12/msg00181.html
> 
> "instead of storing them plaintext, why don't you try encoding them via
> cryptographic hashes - md5, sha1, tiger and the like."
> 
> But I don't really know where to start (which tool should I use for it?)

Let's step back a minute.

If your script is storing passwords so that it can *supply* them to
windows, then you can't store hashes.  That only works if your script
accepts passwords itself and then verifies them *itself* against the
stored hashes.

Now, assuming you need to store passwords in plaintext:

Without some sort of external storage, there is absolutely nothing you
can do to prevent someone that stole the drive from being able to read
the plaintext passwords.  You can encrypt them up the wazoo, it doesn't
matter.  To encrypt you have to use a key of some kind, and unless you
store that key in a location off of the hard drive, then all the
attacker has to do is take the key and use it to decrypt.  
Put another way, the attacker can do whatever the PC does to access the
passwords.  So if the PC can access the passwords without data from
elsewhere, so can the thief.

So, unless you're planning on setting up something where a passphrase
not stored on the disk is entered on the keyboard, retrieved from a
floppy, etc. then you're wasting your time.

If you just want to encrypt to say that you've encrypted, then there are
tons of utilities to do this.  Try "man openssl" or "man enc" for
starters.  But again, if you store the encrypted file next along with
the key on the disk then you've accomplished absolutely nothing from a
security standpoint.  (This is assuming you use a key without a
passphrase.  But if you do that you are essentially no longer storing
the key on the disk, since it will require some keyboard input to
function.)

Brian

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/