X-Spam-Check-By: sourceware.org
Message-ID: <4395E827.4070804@wpkg.org>
Date: Tue, 06 Dec 2005 20:36:07 +0100
From: Tomasz Chmielewski <mangoo@wpkg.org>
User-Agent: Mozilla Thunderbird 1.0.7-3mdk (X11/20051015)
MIME-Version: 1.0
To: Svend Sorensen <ssorensen@gmail.com>
Cc: cygwin@cygwin.com
Subject: Re: encoding scripts (so that user can't see passwords easily)?
References: <4392D119.7080409@wpkg.org> 	 <20051204173646.GA28855@trixie.casa.cgf.cx> 	 <deca9ec80512042242h44317cexf2878291acddcc8a@mail.gmail.com> <7ff9c2a10512060949l72e9693bv251e0d46c36ea0e0@mail.gmail.com>
In-Reply-To: <7ff9c2a10512060949l72e9693bv251e0d46c36ea0e0@mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-IsSubscribed: yes
Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe@cygwin.com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin@cygwin.com>
List-Help: <mailto:cygwin-help@cygwin.com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner@cygwin.com
Mail-Followup-To: cygwin@cygwin.com
Delivered-To: mailing list cygwin@cygwin.com

Svend Sorensen schrieb:
> On 12/4/05, nidhog <nidhog@gmail.com> wrote:
> 
>>On 12/4/05, Christopher Faylor <cgf-no-personal-reply-please@cygwin.com> wrote:
>>
>>>On Sun, Dec 04, 2005 at 12:20:57PM +0100, Tomasz Chmielewski wrote:
>>>
>>>>I have a little open-source project, which eases Windows administration
>>>>a bit.
>>>>
>>>>In some of the scripts, I use usernames and passwords (to get to a
>>>>password-protected network share etc.).
>>>>Because they are scripts, username and password is in plain.
>>>>
>>>>Although the script files are only readable by SYSTEM and
>>>>Administrators, if a disk is stolen, someone could easily get the
>>>>passwords by doing simple "grep -r password ./*".
>>>>
>>>>Do you know some tool which could "encode" scripts?
>>
>>instead of storing them plaintext, why don't you try encoding them via
>>cryptographic hashes - md5, sha1, tiger and the like.
> 
> 
> How is the script going to get the plaintext password if all it has is
> a one way hash?

I don't really care, perhaps it won't be any one way hash anyway.

It is to be a measure to prevent an accidental viewing of 
usernames/passwords rather than some "military grade" tool which takes 
100 years to break on a supercomputer.


-- 
Tomek
http://wpkg.org
WPKG - software deployment and upgrades with Samba

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/