Full Discussion: Storing Passwords
Top Forums Web Development Storing Passwords Post 302928987 by jim mcnamara on Tuesday 16th of December 2014 05:24:40 PM
Source code gives them where the keys are stored, if they can get to code.

The point is not any of the above. Where do you store the key to decrypt the half-key?
This is a logical fallacy. It is called circular reasoning. I need a key to decrypt a key. I still have to store that secondary key somewhere, or the system will have to regenerate it. Regenerate means I can see it in the source. Storage means it is a sitting duck, unencrypted.

I agree that simply having the algorithm and knowing the block cipher is not a complete solution, but the logic behind this needs some work. Having the source also means shell code or another crack is now a possibility.

There is far more to security than passwords. We have a large number of fairly insecure old unpatchable Windows servers. They have many known exploits. They are pretty safe.

Why? Because getting to them externally is really hard, you have to hack several external software and physical barriers to get at them. But they could be trashed by an internal employee easily. So we have to have trust somewhere. ROI.
 

Blowfish(3pm)            User Contributed Perl Documentation            Blowfish(3pm)

NAME
       Crypt::Blowfish - Perl Blowfish encryption module

SYNOPSIS
         use Crypt::Blowfish;
         my $cipher = new Crypt::Blowfish $key;
         my $ciphertext = $cipher->encrypt($plaintext);
         my $plaintext = $cipher->decrypt($ciphertext);

       You probably want to use this in conjunction with a block chaining module like Crypt::CBC.

DESCRIPTION
       Blowfish is capable of strong encryption and can use key sizes up to 56 bytes (a 448 bit key). You're encouraged to take advantage of the full key size to ensure the strongest encryption possible from this module.

       Crypt::Blowfish has the following methods:

         blocksize()
         keysize()
         encrypt()
         decrypt()

FUNCTIONS
       blocksize
           Returns the size (in bytes) of the block cipher.

           Crypt::Blowfish doesn't return a key size due to its ability to use variable-length keys. More accurately, it shouldn't, but it does anyway to play nicely with others.

       new
             my $cipher = new Crypt::Blowfish $key;

           This creates a new Crypt::Blowfish BlockCipher object, using $key, where $key is a key of "keysize()" bytes (minimum of eight bytes).

       encrypt
             my $cipher = new Crypt::Blowfish $key;
             my $ciphertext = $cipher->encrypt($plaintext);

           This function encrypts $plaintext and returns the $ciphertext where $plaintext and $ciphertext must be of "blocksize()" bytes. (hint: Blowfish is an 8 byte block cipher)

       decrypt
             my $cipher = new Crypt::Blowfish $key;
             my $plaintext = $cipher->decrypt($ciphertext);

           This function decrypts $ciphertext and returns the $plaintext where $plaintext and $ciphertext must be of "blocksize()" bytes. (hint: see previous hint)

EXAMPLE
         my $key = pack("H16", "0123456789ABCDEF");  # min. 8 bytes
         my $cipher = new Crypt::Blowfish $key;
         my $ciphertext = $cipher->encrypt("plaintex");  # SEE NOTES
         print unpack("H16", $ciphertext), "\n";

PLATFORMS
       Please see the README document for platforms and performance tests.

NOTES
       The module is capable of being used with Crypt::CBC. You're encouraged to read the perldoc for Crypt::CBC if you intend to use this module for Cipher Block Chaining modes. In fact, if you have any intentions of encrypting more than eight bytes of data with this, or any other block cipher, you're going to need some type of block chaining help. Crypt::CBC tends to be very good at this. If you're not going to encrypt more than eight bytes, your data must be exactly eight bytes long. If need be, do your own padding. "\0" as a null byte is perfectly valid to use for this.

SEE ALSO
       Crypt::CBC, Crypt::DES, Crypt::IDEA

       Bruce Schneier, Applied Cryptography, 1995, Second Edition, published by John Wiley & Sons, Inc.

COPYRIGHT
       The implementation of the Blowfish algorithm was developed by, and is copyright of, A.M. Kuchling.

       Other parts of the perl extension and module are copyright of Systemics Ltd ( http://www.systemics.com/ ).

       Code revisions, updates, and standalone release are copyright 1999-2010 W3Works, LLC.

AUTHOR
       Original algorithm, Bruce Schneier.

       Original implementation, A.M. Kuchling.

       Original Perl implementation, Systemics Ltd.

       Current maintenance by W3Works, LLC.

       Current revision and maintainer: Dave Paris <amused@pobox.com>

perl v5.14.2                          2010-03-04                          Blowfish(3pm)
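
The NOTES section says that anything longer than eight bytes needs block chaining and padding. The script below is an added example, not part of the Crypt::Blowfish documentation or the forum post; it encrypts the same three identical blocks once per block and once through Crypt::CBC. The key, the sample message and the variable names are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Crypt::Blowfish;
use Crypt::CBC;

# Constructed sample values. A real key comes from a CSPRNG and is never
# hard-coded; this one is fixed only so the first half is repeatable.
my $key       = pack("H112", "0123456789ABCDEF" x 7);  # 56 bytes, the maximum
my $plaintext = "8 bytes!" x 3;                         # three identical blocks

# Raw Crypt::Blowfish, called once per 8-byte block, with no chaining.
my $bf  = Crypt::Blowfish->new($key);
my @raw = map { unpack("H16", $bf->encrypt($_)) } unpack("(a8)*", $plaintext);
print "unchained block $_: $raw[$_]\n" for 0 .. $#raw;
print "repeated plaintext blocks are visible in the ciphertext\n"
    if $raw[0] eq $raw[1] and $raw[1] eq $raw[2];

# The same key through Crypt::CBC, which chains blocks and pads the input.
# The IV is random per message and is stored alongside the ciphertext.
my $iv  = Crypt::CBC->random_bytes(8);      # Blowfish block size
my $cbc = Crypt::CBC->new(
    -cipher      => 'Blowfish',
    -key         => $key,
    -literal_key => 1,             # use $key as-is, no passphrase derivation
    -keysize     => length($key),
    -iv          => $iv,
    -header      => 'none',        # the caller keeps track of the IV
    -padding     => 'standard',
);
my $ciphertext = $cbc->encrypt($plaintext);
my @chained    = map { unpack("H16", $_) } unpack("(a8)*", $ciphertext);
print "chained block $_:   $chained[$_]\n" for 0 .. $#chained;

# Padding makes the ciphertext a whole number of blocks; decrypt removes it.
printf "%d-byte plaintext -> %d-byte ciphertext\n",
    length($plaintext), length($ciphertext);
print "round trip ok\n" if $cbc->decrypt($ciphertext) eq $plaintext;
```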