12-16-2014
Quote:
Originally Posted by jim mcnamara
The point is not any of the above. Where do you store the key to decrypt the half-key?
This is a logical fallacy. It is called circular reasoning. I need a key to decrypt a key. I still have to store that secondary key somewhere, or the system will have to regenerate it. Regenerate means I can see it in the source. Storage means it is a sitting duck, unencrypted.
If you agree it's a fallacy, then what were you suggesting with:
Quote:
...the half-keys should be encrypted - both on the user side and the system side.
Unless your point was simply that you shouldn't keep them around indefinitely in retrievable form -- and I don't. I don't encrypt them though, just delete them at regular intervals, as the session times out.
WA_KEYRING(1) WebAuth WA_KEYRING(1)
NAME
wa_keyring - WebAuth keyring manipulation tool
SYNOPSIS
wa_keyring [--hv] -f file command [arg ...]
wa_keyring -f keyring add valid-after
wa_keyring -f keyring gc oldest-valid-after-to-keep
wa_keyring -f keyring list
wa_keyring -f keyring remove id
DESCRIPTION
wa_keyring is a command line tool to manage WebAuth key ring files, which contain the private AES keys used by mod_webauth and mod_webkdc.
It supports the following individual commands:
add valid-after
Adds a new key to the key ring. valid-after uses the format:
nnnn[s|m|h|d|w]
to indicate a time relative to the current time. The units for the time are specified by appending a single letter. That letter can be
any of s, m, h, d, or w, which correspond to seconds, minutes, hours, days, and weeks respectively.
For example: 10d is 10 days from the current time, and -60d is 60 days before the current time.
gc oldest-valid-after-to-keep
Garbage collects (removes) old keys on the key ring. Any keys with a valid-after date older than the specified time will be removed
from the key ring.
The format for oldest-valid-after-to-keep is the same as valid-after from the add command. Note that this means that times given to
the gc command should generally be negative, to remove keys that have expired in the past.
list
Lists all the keys in the key ring. By default, a brief listing is used, but a verbose listing can be requested with the -v option.
The following fields are present in a short listing:
id The index/position of the key in the key ring.
Created
The date the key was created.
Valid after
The date at which the key becomes valid (in other words, the point at which the WebAuth server will start using it to encrypt and
decrypt new data).
Fingerprint
The MD5 digest of the key data. Used to compare keys in two key rings.
The following fields are present in the long listing:
Key-Id
The index/position of the key in the key ring.
Created
The date the key was created.
Valid-After
The date at which the key becomes valid (in other words, the point at which the WebAuth server will start using it to encrypt and
decrypt new data).
Key-Type
The type of key. Currently, AES is the only supported key type.
Key-Size
Length in bytes of the key.
Fingerprint
The MD5 digest of the key data. Used to compare keys in two key rings.
remove id
Remove the key with ID id from the key ring.
EXAMPLES
Add a key to the keyring valid as of the current time:
wa_keyring -f keyring add 0d
Add a key to the keyring that will be valid three days from now:
wa_keyring -f keyring add 3d
Remove keys from the key ring that became invalid more than 90 days ago:
wa_keyring -f keyring gc -90d
Remove the first key in the keyring:
wa_keyring -f keyring remove 0
Display a verbose listing of all of the keys in the key ring:
wa_keyring -f keyring -v list
Note that a WebAuth server will normally manage its keyring file by itself, and wa_keyring is normally only used for debugging purposes.
However, if you are setting up a load-balanced pool of servers that need to all share the same keys, turn off automatic keyring handling by
putting the line:
WebAuthKeyringAutoUpdate off
in your Apache configuration, running a script periodically from cron on one server that does something like:
wa_keyring -f keyring gc -90d
wa_keyring -f keyring add 2d
and then copying (in a secure manner!) the new keyring file to all of the other servers.
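The relative-time syntax used by add and gc, and the cron rotation just shown, as an added Python model (not WebAuth's or wa_keyring's own code): the key ring is a list of dicts, the guard against a positive gc threshold and the "newest key whose valid-after has passed" selection rule are assumptions of the example, and the sample ring is constructed.

```python
import re
from datetime import datetime, timedelta, timezone

# Added example: a re-implementation of wa_keyring's relative-time syntax
# nnnn[s|m|h|d|w] and of the gc rule, for illustration only. It is not
# WebAuth's own code; the key ring is modelled as a list of dicts.
_UNIT_SECONDS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 7 * 86400}
_SPEC_RE = re.compile(r"^(-?\d+)([smhdw])$")

def parse_relative(spec: str) -> timedelta:
    """'10d' -> 10 days ahead, '-60d' -> 60 days back; anything else is rejected."""
    m = _SPEC_RE.match(spec.strip())
    if not m:
        raise ValueError(f"bad relative time {spec!r}, expected nnnn[s|m|h|d|w]")
    return timedelta(seconds=int(m.group(1)) * _UNIT_SECONDS[m.group(2)])

def add_key(keys: list, valid_after_spec: str, now: datetime) -> list:
    """Model 'add valid-after': append a key whose id is its position in the ring."""
    return keys + [{"id": len(keys), "valid_after": now + parse_relative(valid_after_spec)}]

def gc(keys: list, oldest_to_keep_spec: str, now: datetime) -> list:
    """Model 'gc': drop every key whose valid-after is older than the threshold."""
    delta = parse_relative(oldest_to_keep_spec)
    # Assumed guard, not documented behaviour: a positive threshold would also
    # discard keys that are still in use, so insist on a time in the past.
    if delta > timedelta(0):
        raise ValueError("gc threshold should be in the past, e.g. -90d")
    kept = [k for k in keys if k["valid_after"] >= now + delta]
    return [dict(k, id=i) for i, k in enumerate(kept)]  # ids are positions

def active_key(keys: list, now: datetime):
    """Assumed selection rule: the newest key whose valid-after is not in the future."""
    usable = [k for k in keys if k["valid_after"] <= now]
    return max(usable, key=lambda k: k["valid_after"]) if usable else None

def rotation_demo(now: datetime = None) -> list:
    """Constructed sample ring run through the cron rotation shown in the man page."""
    now = now or datetime.now(timezone.utc)
    keys = []
    for spec in ("-120d", "-30d", "0d"):   # three existing keys, oldest first
        keys = add_key(keys, spec, now)
    keys = gc(keys, "-90d", now)           # the 120-day-old key is removed
    return add_key(keys, "2d", now)        # a fresh key, usable in two days
```

After the rotation the ring holds three keys: the 30-day-old one, the current one, and the staged one that becomes active in two days, so the copy to the other servers has a two-day window before any server needs the new key.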
AUTHOR
Roland Schemers <schemers@stanford.edu>
4.1.1 2012-04-25 WA_KEYRING(1)