Protect Password File

jpeps
Posts: 3179
Joined: Sat 31 May 2008, 19:00

Protect Password File

#1 Post by jpeps »

It seems like a good idea to get paranoid about password files. This example will open the file for editing ("pass") or search for an entry ("pass [entry]"). Before doing either, it asks for a password both to read the file and then to re-encrypt it. Bottom line... there's no open password file on the disk with all my account info in it. Note: I'm using the vim editor... geany would work.

Code:

#!/bin/sh

DIR="/mnt/sda2/MyFiles/OfficeDocs"

# Decrypt pass.txt.bfe in place (bcrypt prompts for the passphrase); stop if that fails
bcrypt "${DIR}/pass.txt.bfe" || exit 1
if [ -n "$1" ]; then
    # "pass [entry]": search the decrypted file for the entry
    grep -i -- "$1" "${DIR}/pass.txt"
else
    # "pass": open the decrypted file for editing
    vim "${DIR}/pass.txt"
fi
# Re-encrypt; bcrypt prompts again and removes the plaintext pass.txt
bcrypt "${DIR}/pass.txt"


jamesjeffries2
Posts: 196
Joined: Mon 28 Apr 2008, 00:50

#2 Post by jamesjeffries2 »

Alternatively you could only store a hash of the password then compare the hash of the password entered by the user to the one stored in the file. That way you never have to store the password in plain text. Read this for more information about why this is good: http://www.codinghorror.com/blog/2007/0 ... ectly.html

jpeps
Posts: 3179
Joined: Sat 31 May 2008, 19:00

#3 Post by jpeps »

jamesjeffries2 wrote: Alternatively you could only store a hash of the password then compare the hash of the password entered by the user to the one stored in the file. That way you never have to store the password in plain text. Read this for more information about why this is good: http://www.codinghorror.com/blog/2007/0 ... ectly.html
"Finally, we learned that if we want to store passwords securely we have three reasonable options: PHK's MD5 scheme, Provos-Maziere's Bcrypt scheme, and SRP. We learned that the correct choice is Bcrypt."


For individual passwords, I use a password generator:
http://murga-linux.com/puppy/viewtopic. ... 75&t=72102

The nice thing about the password file is that I can use all unique passwords, for example: "%ABp:UTVobXN"


"Add a long, unique random salt to each password you store. The point of a salt (or nonce, if you prefer) is to make each password unique and long enough that brute force attacks are a waste of time. So, the user's password, instead of being stored as the hash of "myspace1", ends up being stored as the hash of 128 characters of random unicode string + "myspace1". You're now completely immune to rainbow table attack. "
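The salted-hash scheme quoted above (store a random salt plus the hash, never the password, and recompute on login), as an added example that is not part of the thread; it uses PBKDF2-HMAC-SHA256 from the Python standard library rather than bcrypt, and the record layout and iteration count are assumptions chosen for the example.

```python
import hashlib
import hmac
import os

# Assumed example parameters (not from the thread): PBKDF2-HMAC-SHA256,
# 16-byte random salt per stored password, fixed iteration count.
ITERATIONS = 200_000
SALT_BYTES = 16


def hash_password(password, salt=None):
    """Return a self-describing record: pbkdf2_sha256$iterations$salt_hex$hash_hex."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)  # long, unique random salt for this password only
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password, record):
    """Recompute the hash with the stored salt and iterations; compare in constant time."""
    try:
        scheme, iters, salt_hex, hash_hex = record.split("$")
        salt = bytes.fromhex(salt_hex)
        iterations = int(iters)
    except ValueError:
        return False  # malformed record: never accept
    if scheme != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(digest.hex(), hash_hex)


def salt_defeats_precomputation(password):
    """Hash the same password twice: both records verify, yet the stored hashes differ,
    so a precomputed (rainbow) table for the unsalted password is useless."""
    a = hash_password(password)
    b = hash_password(password)
    return a != b and verify_password(password, a) and verify_password(password, b)


if __name__ == "__main__":
    rec = hash_password("myspace1")  # constructed sample password from the quoted article
    print(rec)
    print(verify_password("myspace1", rec), verify_password("myspace2", rec))
```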
