Full Discussion: Storing Passwords
Post 302928995 by Corona688 on Tuesday 16th of December 2014 05:49:33 PM
Quote:
Originally Posted by jim mcnamara
The point is not any of the above. Where do you store the key to decrypt the half-key?

This is a logical fallacy. It is called circular reasoning. I need a key to decrypt a key. I still have to store that secondary key somewhere, or the system will have to regenerate it. Regenerate means I can see it in the source. Storage means it is a sitting duck, unencrypted.
If you agree it's a fallacy, then what were you suggesting with:
Quote:
...the half-keys should be encrypted - both on the user side and the system side.
Unless your point was simply that you shouldn't keep them around indefinitely in retrievable form -- and I don't. I don't encrypt them though, just delete them at regular intervals, as the session times out.
 

keylogin(1)							   User Commands						       keylogin(1)

NAME
     keylogin - decrypt and store secret key with keyserv

SYNOPSIS
     /usr/bin/keylogin [-r]

DESCRIPTION
     The keylogin command prompts for a password, and uses it to decrypt the user's secret key. The key may be found in the /etc/publickey file (see publickey(4)) or the NIS map ``publickey.byname'' or the NIS+ table ``cred.org_dir'' in the user's home domain. The sources and their lookup order are specified in the /etc/nsswitch.conf file. See nsswitch.conf(4). Once decrypted, the user's secret key is stored by the local key server process, keyserv(1M). This stored key is used when issuing requests to any secure RPC services, such as NFS or NIS+. The program keylogout(1) can be used to delete the key stored by keyserv.

     keylogin will fail if it cannot get the caller's key, or the password given is incorrect. For a new user or host, a new key can be added using newkey(1M), nisaddcred(1M), or nisclient(1M).

     If multiple authentication mechanisms are configured for the system, each of the configured mechanism's secret key will be decrypted and stored by keyserv(1M). See nisauthconf(1M) for information on configuring multiple authentication mechanisms.

OPTIONS
     -r    Update the /etc/.rootkey file. This file holds the unencrypted secret key of the superuser. Only the superuser may use this option. It is used so that processes running as superuser can issue authenticated requests without requiring that the administrator explicitly run keylogin as superuser at system startup time. See keyserv(1M). The -r option should be used by the administrator when the host's entry in the publickey database has changed, and the /etc/.rootkey file has become out-of-date with respect to the actual key pair stored in the publickey database. The permissions on the /etc/.rootkey file are such that it may be read and written by the superuser but by no other user on the system.

           If multiple authentication mechanisms are configured for the system, each of the configured mechanism's secret keys will be stored in the /etc/.rootkey file.

FILES
     /etc/.rootkey    superuser's secret key

ATTRIBUTES
     See attributes(5) for descriptions of the following attributes:

     +-----------------------------+-----------------------------+
     |       ATTRIBUTE TYPE        |       ATTRIBUTE VALUE       |
     +-----------------------------+-----------------------------+
     |Availability                 |SUNWcsu                      |
     +-----------------------------+-----------------------------+

SEE ALSO
     chkey(1), keylogout(1), login(1), keyserv(1M), newkey(1M), nisaddcred(1M), nisauthconf(1M), nisclient(1M), nsswitch.conf(4), publickey(4), attributes(5)

NOTES
     NIS+ might not be supported in future releases of the Solaris(TM) Operating Environment. Tools to aid the migration from NIS+ to LDAP are available in the Solaris 9 operating environment. For more information, visit http://www.sun.com/directory/nisplus/transition.html.

SunOS 5.10                          10 Dec 2001                          keylogin(1)
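
The -r option above leaves the superuser's secret key unencrypted in /etc/.rootkey, so file ownership and permissions are its only protection. The following is an added example, not part of the man page or the forum thread: a POSIX shell function (check_keyfile is a hypothetical name) that audits such a file by parsing `ls -ldn` output, with the expected owner uid as an optional second argument so it can be tried on a scratch file.

```shell
# Added example: audit a secret-key file such as /etc/.rootkey.
# check_keyfile PATH [EXPECTED_UID]   (EXPECTED_UID defaults to 0, the superuser)
# Returns 0 if the file passes, 1 otherwise; prints one line saying why.
check_keyfile() {
    path=$1
    want_uid=${2:-0}

    # A symbolic link could redirect readers or writers to another file.
    if [ -h "$path" ]; then
        echo "FAIL: $path is a symbolic link"; return 1
    fi
    if [ ! -f "$path" ]; then
        echo "FAIL: $path is missing or not a regular file"; return 1
    fi

    # ls -ldn prints: mode, link count, numeric uid, numeric gid, ...
    read -r mode _links uid _rest <<EOF
$(ls -ldn -- "$path")
EOF

    if [ "$uid" != "$want_uid" ]; then
        echo "FAIL: $path is owned by uid $uid, expected $want_uid"; return 1
    fi

    # Characters 5-10 of the mode string are the group and other bits;
    # all six must be '-'. A trailing '+' means an ACL is attached.
    case $mode in
        -???------+*)
            echo "FAIL: $path has an ACL (mode $mode); review its entries"; return 1 ;;
        -???------*)
            echo "OK: $path mode $mode, uid $uid"; return 0 ;;
        *)
            echo "FAIL: $path is accessible to group or other (mode $mode)"; return 1 ;;
    esac
}

# Usage (as the superuser): check_keyfile /etc/.rootkey
```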