one bad brain on Fri, 15 Dec 2000 12:58:36 -0500 (EST)



Re: Passwords, encryption, PGP, etc


If you need to do encryption/decryption in Perl, one way would be with the famous RSA Perl implementation.  You can crypt/decrypt with it.  Now, this would make it possible to pipe the decrypted output to a secure web page or some such other method of displaying it to your boss.

http://www.cypherspace.org/~adam/rsa/

The actual 2-line implementation of the Perl code is:

print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`

Lots of explanations are on that web page.
You of course know that there will be a lot of flaws and security holes, especially if you encrypt all the passwords with one key.

Keeping all that in mind (I don't know much about MS anything), could you possibly do the encryption/decryption in Perl with gpg/RSA-in-perl/etc. and pipe the output over an ssh session to VB and pop that into Access so your boss could see the passwords?

If you used SSH as the communication method between machines your boss could even have the key stored on his machine (although he would be the only one with the key, anyone that could crack his Win box could get the key).

At any rate, it is going to end up being the lesser of many evils that you choose.

-hunter.

On Fri, Dec 15, 2000 at 12:28:45PM -0500, mjd-perl-pm@plover.com wrote:
> 
> > Problem 1: I need to store their dial-in passwords.
> > Please don't flame me for it - it wasn't my decision.
> > These passwords are stored on Unix box in Informix DB so
> > it's not that easy to get to them. Anyway, I don't like
> > the idea of storing unencrypted passwords. That's why I
> > need an encryption/decryption algorithm, 
> 
> When you encrypt the passwords, you don't want to be able to decrypt
> them, because then someone might.  Instead, you use what's called a
> 'one-way hash' algorithm, which scrambles the password but is
> impossible to reverse.
> 
> Then when the user enters their password, you scramble it the same way
> and see if the two scrambled versions match.
> 
> Normally I would recommend the MD5 or SHA algorithms; there are Perl
> modules for both.  However:
> 
> > not too complicated because my boss may want to access the passwords
> > from ms access/vb.
> 
> I can't help you with this part.
> 
> **Majordomo list services provided by PANIX <URL:http://www.panix.com>**
> **To Unsubscribe, send "unsubscribe phl" to majordomo@lists.pm.org**