public inbox for [email protected]  
From: Shane Ambler <[email protected]>
To: Jorge Godoy <[email protected]>
Cc: Jeff Davis <[email protected]>
Cc: DEV <[email protected]>
Cc: [email protected]
Subject: Re: Database users Passwords
Date: Wed, 18 Oct 2006 05:05:45 +0930
Message-ID: <[email protected]> (raw)
In-Reply-To: <[email protected]>
References: <002c01c6f1fa$652d3f60$0b01a8c0@LT003>
	<[email protected]>
	<[email protected]>
	<[email protected]>

Jorge Godoy wrote:
> Shane Ambler <[email protected]> writes:
> 
>> What Dev would want to look for (probably create) is a small script that will
>> read his list of crypt passwords and un-crypt them into a create role string
>> that is fed to psql.
> 
> Except that the hash used is unidirectional, i.e., there's no way to decrypt
> it besides a brute force attack or something like that. 
> 
> If he's got, e.g., 10 users with strong passwords this kind of thing can take
> some weeks.
> 

crypt may be a custom function (or what Dev calls something else
altogether) which is one-way and complex - that info wasn't given.

The only crypt I know of is the crypt command (FreeBSD has it at
/usr/bin/crypt), which is also known as enigma. This is a two-way
encryption and is fast.
If that is what he is using then decrypting will not be part of the time
issue and is the basis of the advice I gave.

According to time, decrypting a 3K file takes about .002 seconds.

If a strong one-way encryption has been used then he is out of luck and
will need the users to re-enter their passwords after the accounts are
created with another password of some sort.
That is also an option for him even if he can decrypt what is
currently stored.

-- 

Shane Ambler
[email protected]

Get Sheeky @ http://Sheeky.Biz
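
The fallback described in the message above (create the accounts with another password and have users re-enter their own), sketched as an added example that is not part of the original message. The function names, the 7-day lifetime and the sample user names are assumptions made for illustration.

```python
import secrets
import string
from datetime import datetime, timedelta, timezone

# Letters and digits only, so a generated password never needs SQL escaping.
ALPHABET = string.ascii_letters + string.digits

def quote_ident(name):
    """Quote a role name as a PostgreSQL identifier; an embedded " is doubled."""
    if not name or "\x00" in name:
        raise ValueError("invalid role name: %r" % name)
    return '"' + name.replace('"', '""') + '"'

def quote_literal(value):
    """Quote a string literal (assumes standard_conforming_strings is on)."""
    if "\\" in value or "\x00" in value:
        raise ValueError("refusing to quote backslash or NUL")
    return "'" + value.replace("'", "''") + "'"

def temp_password(length=20):
    """Random temporary password drawn from the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def migration_sql(usernames, now, lifetime_days=7):
    """Return (statements, handouts): SQL for psql and name -> temp password."""
    expiry_time = now.astimezone(timezone.utc) + timedelta(days=lifetime_days)
    expiry = expiry_time.strftime("%Y-%m-%d %H:%M:%S+00")
    statements, handouts = [], {}
    for name in usernames:
        if name in handouts:
            raise ValueError("duplicate user: %r" % name)
        handouts[name] = temp_password()
        statements.append(
            "CREATE ROLE %s LOGIN PASSWORD %s VALID UNTIL %s;"
            % (quote_ident(name), quote_literal(handouts[name]), quote_literal(expiry))
        )
    return statements, handouts

if __name__ == "__main__":
    # Constructed sample user list; the second name exercises identifier quoting.
    users = ["alice", 'bob"smith']
    sql, handouts = migration_sql(users, datetime.now(timezone.utc))
    # Pipe this output to psql on stdin so passwords stay out of process listings.
    print("\n".join(sql))
```

VALID UNTIL stays on the role after a user sets a new password, so an administrator has to extend or clear it once the user has done so.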


