12-16-2014
Quote:
Originally Posted by
jim mcnamara
The point is not any of the above. Where do you store the key to decrypt the half-key?
This is a logical fallacy. It is called circular reasoning. I need a key to decrypt a key. I still have to store that secondary key somewhere, or the system will have to regenerate it. Regenerate means I can see it in the source. Storage means it is a sitting duck, unencrypted.
If you agree it's a fallacy, then what
were you suggesting with:
Quote:
...the half-keys should be encrypted - both on the user side and the system side.
Unless your point was simply that you shouldn't keep them around indefinitely in retrievable form -- and I don't. I don't encrypt them though, just delete them at regular intervals, as the session times out.
9 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
I am running unix 11.xxx....How do you change a user password. The previous vs was passwd at the command prompt. This no longer works. Thanks for the help (3 Replies)
Discussion started by: turner.rd
3 Replies
2. Shell Programming and Scripting
Is there a way not to display the password in the sys out when your korn shell script logs into sqlplus? (3 Replies)
Discussion started by: lesstjm
3 Replies
3. UNIX for Dummies Questions & Answers
Hope I'm in the right place to ask this.
... and I'm a total noob by the way.
When changing an account password through telnet, everything seems fine. I can telnet back in afterward, but if I try to use sqlplus to get in it tells me password invalid. If I try to get in through sqlplus with the... (1 Reply)
Discussion started by: tazman4
1 Replies
4. AIX
I want to store a password of a user in a encrypted format and the use that encrypted password in my shell scripting. can any one of you let me know how to do it.
Thanks in advance (0 Replies)
Discussion started by: kalpana.anuga
0 Replies
5. UNIX for Advanced & Expert Users
How the unix is maintaining the password ?
How it does the encryption and how the passwords are stored in the system and where it is stored ?
How it is better when compared to other OS ? (1 Reply)
Discussion started by: nagalenoj
1 Replies
6. OS X (Apple)
Can anyone tell me how to set up ssh and keychain so when I connect to the remote system it uses keychain for the password or public key? The remote system is FreeBSD 8.0. Do I need to setup anything else on that end?
Cheers. (0 Replies)
Discussion started by: Haggardly
0 Replies
7. Shell Programming and Scripting
Dear all,
I need to automate/script a user password change process. I'm helpless cannot use expect since it's not installed and cannot install it either. Do i have an alternative. I can store the password in a file and that would be the password that would be set to all the users. If not i don't... (1 Reply)
Discussion started by: earlysame55
1 Replies
8. UNIX for Advanced & Expert Users
I've been using various versions of UNIX and Linux since 1993, and I've never run across one that showed your password as you type it in when you log in, or one that stored passwords in plain text rather than encrypted. I'm writing a script for work for a security audit, and two of the... (5 Replies)
Discussion started by: Anne Neville
5 Replies
9. HP-UX
version 11.22
1 - In this version there is the shadow file by default?. If so why when I search the file I get "No / etc / shadow file found"?
2 - What does the "*" in etc / password? at the beginning of each password? (1 Reply)
Discussion started by: shinju15
1 Replies
LEARN ABOUT FREEBSD
hprop
HPROP(8) BSD System Manager's Manual HPROP(8)
NAME
hprop -- propagate the KDC database
SYNOPSIS
hprop [-m file | --master-key=file] [-d file | --database=file] [--source=heimdal|mit-dump] [-r string | --v4-realm=string] [-c cell |
--cell=cell] [-k keytab | --keytab=keytab] [-R string | --v5-realm=string] [-D | --decrypt] [-E | --encrypt] [-n | --stdout]
[-v | --verbose] [--version] [-h | --help] [host[:port]] ...
DESCRIPTION
hprop takes a principal database in a specified format and converts it into a stream of Heimdal database records. This stream can either be
written to standard out, or (more commonly) be propagated to a hpropd(8) server running on a different machine.
If propagating, it connects to all hosts specified on the command by opening a TCP connection to port 754 (service hprop) and sends the data-
base in encrypted form.
Supported options:
-m file, --master-key=file
Where to find the master key to encrypt or decrypt keys with.
-d file, --database=file
The database to be propagated.
--source=heimdal|mit-dump|krb4-dump|kaserver
Specifies the type of the source database. Alternatives include:
heimdal a Heimdal database
mit-dump a MIT Kerberos 5 dump file
+.It Fl k Ar keytab , Fl Fl keytab= Ns Ar keytab The keytab to use for fetching the key to be used for authenticating to the propaga-
tion daemon(s). The key hprop/hostname is used from this keytab. The default is to fetch the key from the KDC database.
-R string, --v5-realm=string
Local realm override.
-D, --decrypt
The encryption keys in the database can either be in clear, or encrypted with a master key. This option transmits the database with
unencrypted keys.
-E, --encrypt
This option transmits the database with encrypted keys.
-n, --stdout
Dump the database on stdout, in a format that can be fed to hpropd.
EXAMPLES
The following will propagate a database to another machine (which should run hpropd(8)):
$ hprop slave-1 slave-2
SEE ALSO
hpropd(8)
HEIMDAL
December 8, 2004 HEIMDAL