| View previous topic :: View next topic |
| Author |
Message |
keeper2 Voice
Joined: 19 Jul 2006 Posts: 12
|
Posted: Sat Aug 12, 2006 1:38 pm Post subject: difference between encpass and encrypt |
|
|
The topic says it. I dont really see a difference between encpass and encrypt, the only one is that using encrypt you can give a password for the encryption.
What password encpass use? Or is it a one way encryption? |
|
| Back to top |
|
 |
nml375 Revered One
Joined: 04 Aug 2006 Posts: 2857
|
Posted: Sat Aug 12, 2006 1:47 pm Post subject: |
|
|
Passwords are encrypted in a one-way fashion (use encpass for this).
"encrypt" however allows you to encrypt a string with a key, to later decrypt it using "decrypt" and that same key.
And no, encpass does'nt use a hardcoded key.
edit: This behaviour of course completely depends on the encryption-module you've chosen to use (most ppl stick with blowfish.mod).
You might wanna check the source of above mentioned module for further/deeper knowledges _________________ NML_375, idling at #eggdrop@IrcNET |
|
| Back to top |
|
 |
keeper2 Voice
Joined: 19 Jul 2006 Posts: 12
|
Posted: Sat Aug 12, 2006 1:51 pm Post subject: |
|
|
| nml375 wrote: | Passwords are encrypted in a one-way fashion (use encpass for this).
"encrypt" however allows you to encrypt a string with a key, to later decrypt it using "decrypt" and that same key.
And no, encpass does'nt use a hardcoded key. |
Thanks exactly what I search for, but I was not sure if it is really one-way or only faked hardcoded  |
|
| Back to top |
|
 |
KrzychuG Master

Joined: 16 Aug 2003 Posts: 306 Location: Torun, Poland
|
Posted: Sun Aug 13, 2006 5:59 am Post subject: |
|
|
| nml375 wrote: |
And no, encpass does'nt use a hardcoded key.
|
Well, it's using hardcoded SALTs to make encrypted passwords "compatible" with other Eggdrops ;) _________________ Que? |
|
| Back to top |
|
 |
nml375 Revered One
Joined: 04 Aug 2006 Posts: 2857
|
Posted: Sun Aug 13, 2006 7:35 am Post subject: |
|
|
True... Tho I'd like to see anyone using those to decrypt the passwd hash (without bruteforcing it).
Does anyone remember why we don't use random salts and prepend it to the hash? (*nix-style)
Not that it makes it that much harder to bruteforce, just takes alittle longer.. _________________ NML_375, idling at #eggdrop@IrcNET |
|
| Back to top |
|
 |
KrzychuG Master

Joined: 16 Aug 2003 Posts: 306 Location: Torun, Poland
|
Posted: Sun Aug 13, 2006 10:52 am Post subject: |
|
|
| nml375 wrote: | | True... Tho I'd like to see anyone using those to decrypt the passwd hash (without bruteforcing it). ;) |
This won't help to decrypt but definatelly allow you to brute force it ;)
| Quote: |
Does anyone remember why we don't use random salts and prepend it to the hash? (*nix-style)
|
Probably because you would have to recreate your userfile (password mainly) once again after you update your bot in current state. Eggheads never drastically redesigned project and never liked to break compatibility with previous version (they did it once) so it have to be done like now ;)
I also remember that it's possible to have diffrent HASHes even for different user's passwords in 1.9 ;) _________________ Que? |
|
| Back to top |
|
 |
|