| View previous topic :: View next topic |
| Author |
Message |
keeper2
Voice
Joined: 19 Jul 2006
Posts: 12
|
 Posted: Sat Aug 12, 2006 1:38 pm Post subject: difference between encpass and encrypt |
 |
|
The topic says it. I dont really see a difference between encpass and encrypt, the only one is that using encrypt you can give a password for the encryption.
What password encpass use? Or is it a one way encryption? |
|
| Back to top |
|
 |
nml375
Revered One
Joined: 04 Aug 2006
Posts: 2857
|
| Posted: Sat Aug 12, 2006 1:47 pm Post subject: |
|
|
Passwords are encrypted in a one-way fashion (use encpass for this).
"encrypt" however allows you to encrypt a string with a key, to later decrypt it using "decrypt" and that same key.
And no, encpass does'nt use a hardcoded key.
edit: This behaviour of course completely depends on the encryption-module you've chosen to use (most ppl stick with blowfish.mod).
You might wanna check the source of above mentioned module for further/deeper knowledges
_________________
NML_375, idling at #eggdrop@IrcNET |
|
| Back to top |
|
|
keeper2
Voice
Joined: 19 Jul 2006
Posts: 12
|
| Posted: Sat Aug 12, 2006 1:51 pm Post subject: |
|
|
| nml375 wrote: | Passwords are encrypted in a one-way fashion (use encpass for this).
"encrypt" however allows you to encrypt a string with a key, to later decrypt it using "decrypt" and that same key.
And no, encpass does'nt use a hardcoded key. |
Thanks exactly what I search for, but I was not sure if it is really one-way or only faked hardcoded  |
|
| Back to top |
|
|
KrzychuG
Master
Joined: 16 Aug 2003
Posts: 306
Location: Torun, Poland
|
| Posted: Sun Aug 13, 2006 5:59 am Post subject: |
|
|
| nml375 wrote: |
And no, encpass does'nt use a hardcoded key.
|
Well, it's using hardcoded SALTs to make encrypted passwords "compatible" with other Eggdrops ;)
_________________
Que? |
|
| Back to top |
|
|
nml375
Revered One
Joined: 04 Aug 2006
Posts: 2857
|
| Posted: Sun Aug 13, 2006 7:35 am Post subject: |
|
|
True... Tho I'd like to see anyone using those to decrypt the passwd hash (without bruteforcing it).
Does anyone remember why we don't use random salts and prepend it to the hash? (*nix-style)
Not that it makes it that much harder to bruteforce, just takes alittle longer..
_________________
NML_375, idling at #eggdrop@IrcNET |
|
| Back to top |
|
|
KrzychuG
Master
Joined: 16 Aug 2003
Posts: 306
Location: Torun, Poland
|
| Posted: Sun Aug 13, 2006 10:52 am Post subject: |
|
|
| nml375 wrote: | | True... Tho I'd like to see anyone using those to decrypt the passwd hash (without bruteforcing it). ;) |
This won't help to decrypt but definatelly allow you to brute force it ;)
| Quote: |
Does anyone remember why we don't use random salts and prepend it to the hash? (*nix-style)
|
Probably because you would have to recreate your userfile (password mainly) once again after you update your bot in current state. Eggheads never drastically redesigned project and never liked to break compatibility with previous version (they did it once) so it have to be done like now ;)
I also remember that it's possible to have diffrent HASHes even for different user's passwords in 1.9 ;)
_________________
Que? |
|
| Back to top |
|
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
