Date: Tue, 6 Dec 2005 15:52:11 -0500 (EST)
From: Igor Pechtchanski
Reply-To: cygwin AT cygwin DOT com
To: Tomasz Chmielewski
cc: cygwin AT cygwin DOT com
Subject: Re: encoding scripts (so that user can't see passwords easily)?

On Tue, 6 Dec 2005, Tomasz Chmielewski wrote:

> Wayne Willcox wrote:
> > On Tue, Dec 06, 2005 at 02:58:15PM -0500, Jim Drash wrote:
> >
> > > Don't put the user names or passwords in the script put them in a file
> > > only readable by SYSTEM
> >
> > that would not solve the requirement of protecting the passwords
> > if the disk was stolen. The scripts are supposedly already
> > readable by system and admin only.
>
> That's exactly what I mean (they are already readable by SYSTEM and admins
> only).
>
> If the disk is stolen, it would add some extra time before the password is
> compromised.
>
> Someone gave a clue here:
>
> http://cygwin.com/ml/cygwin/2005-12/msg00181.html
>
> "instead of storing them plaintext, why don't you try encoding them via
> cryptographic hashes - md5, sha1, tiger and the like."
>
> But I don't really know where to start (which tool should I use for it?)

Umm, "crypt"?
As in

  stored_password=42wlq4L2SDUdw
  echo -n "Enter your password: "; stty -echo; read password; stty echo
  if [ x"`crypt 42 "$password"`" = x"$stored_password" ]; then
    echo "Access granted"
  else
    echo "Invalid password"
  fi

(the '42' above is the "salt" -- see "man crypt").
HTH,
	Igor
-- 
				http://cs.nyu.edu/~pechtcha/
      |\      _,,,---,,_		pechtcha AT cs DOT nyu DOT edu
ZZZzz /,`.-'`'    -.  ;-;;,_		igor AT watson DOT ibm DOT com
     |,4-  ) )-,_. ,\ (  `'-'		Igor Pechtchanski, Ph.D.
    '---''(_/--'  `-'\_) fL	a.k.a JaguaR-R-R-r-r-r-.-.-.  Meow!

If there's any real truth it's that the entire multidimensional infinity
of the Universe is almost certainly being run by a bunch of maniacs. /DA
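The same stored-hash check as in the script above, as an added example that is not part of the original message: it keeps a SHA-512 crypt string instead of a traditional crypt(3) one and reads the salt back out of the stored value rather than hard-coding it. It assumes the `openssl` command-line tool (1.1.1 or later); the function names and the sample password are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes the openssl CLI, 1.1.1 or later.
# Function names and sample values below are constructed for illustration.

# new_hash PASSWORD: print a SHA-512 crypt string "$6$<salt>$<hash>" with a
# fresh random salt. The password goes in on stdin, not on the command line,
# so it does not show up in the process list.
new_hash() {
    salt=$(openssl rand -hex 8) || return 2
    printf '%s\n' "$1" | openssl passwd -6 -salt "$salt" -stdin
}

# verify_password STORED PASSWORD: 0 = match, 1 = mismatch, 2 = unsupported.
# The salt is read back out of the stored string instead of being hard-coded.
verify_password() {
    case $1 in
        '$6$rounds='*) return 2 ;;   # openssl passwd cannot set a round count
        '$6$'*'$'*)    ;;            # "$6$<salt>$<hash>"
        *)             return 2 ;;   # e.g. a 13-character traditional crypt string
    esac
    rest=${1#'$6$'}                  # strip the "$6$" scheme prefix
    salt=${rest%%'$'*}               # salt is everything up to the next "$"
    candidate=$(printf '%s\n' "$2" | openssl passwd -6 -salt "$salt" -stdin) || return 2
    [ "$candidate" = "$1" ]
}

# Interactive check, same flow as the script in the message above.
check_interactively() {
    printf 'Enter your password: '
    stty -echo; IFS= read -r password; stty echo; echo
    if verify_password "$1" "$password"; then
        echo "Access granted"
    else
        echo "Invalid password"
    fi
}

# Non-interactive demonstration with a constructed password.
demo() {
    stored=$(new_hash 'constructed-example-pw') || return 2
    verify_password "$stored" 'constructed-example-pw' && echo "match: ok"
    verify_password "$stored" 'something-else' || echo "mismatch: rejected"
}
demo
```

To use it interactively, generate the stored value once with `new_hash` and pass it to `check_interactively`.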