Re: Unchangeable passwords

From: Volker Birk (bumens_at_dingens.org)
Date: 10/06/03


Date: Mon, 6 Oct 2003 03:57:44 +0200

Nico Kadel-Garcia <nkadel@comcast.net> wrote:
>> Storing such keys offers new security risks.
> As opposed to a set of UID=0 accounts, each with their own passwords,
> which was your suggestion? They're *different* security risks, but I
> think more manageable.

I don't think so. It is difficult to store hashes, because you can
attack them if they're disclosed. But one needs time to do that, and
with some hashes the attacker has no chance to break them (hopefully
every UID 0 password and the hashing algorithm should be so, that
breaking the hashes will not be possible by the knowledge we have),
so if somebody discloses hashes, you don't loose any security, and
you have time to react.

If somebody discloses private keys, that was it.

Therefore, storing such keys offers new security risks.

VB.

-- 
X-Pie Software GmbH
Postfach 1540, 88334 Bad Waldsee
Phone +49-7524-996806 Fax +49-7524-996807
mailto:vb@x-pie.de  http://www.x-pie.de


Relevant Pages

  • Re: How to compare hashes to find matching keys with conflicting values.
    ... I have found some great examples of how> to compare hashes and locate common keys or missing keys. ... # If no conflict, ...
    (perl.beginners)
  • Re: Idiot Q: How to find index number of HASH match?
    ... Here are two hash tables, ... Hashes don't have 'links'. ... Hashes do not have index numbers and they don't have arrays. ... least) two choices for keeping your hash keys in order: ...
    (comp.lang.perl.misc)
  • Re: XML parser as reader macro?
    ... keywords should create hashes of their child elements. ... interface to a hash utility library. ... (defun hash-tree-get (tree &rest keys) ...
    (comp.lang.lisp)
  • Re: How to avoid rehashing?
    ... with strings. ... And keeping this in a hash. ... I use the words as keys since I want to find every occurence of the ... these hashes, which I need to do more than once. ...
    (perl.beginners)
  • Re: Hashes are good, but not good enough.
    ... I tried to implement this DAWG data structure with Perl but I found it VERY ... You could put a hash at a final node, with keys consisting of those ... but still large hashes. ...
    (comp.lang.perl.misc)