Enabling shadow passwords stores them in /etc/shadow which is not world
readable unlike /etc/passwd. They would be encrytped regardless of the
file they are in.
AlbaClause wrote:
> [EMAIL PROTECTED] wrote:
>
>
>> This may only be tangentially related to Python, but since I am coding
>> a pa
AlbaClause <[EMAIL PROTECTED]> writes:
> Correct me if I'm wrong, but I believe that all Linux passwords are
> encrypted whether you enable shadow passwords or not. I believe that when
> you enable shadow passwords, the encrypted passwords are stored in a file
> other than 'passwd'. Is this not
[EMAIL PROTECTED] wrote:
> This may only be tangentially related to Python, but since I am coding
> a password authentication system in Python, I thought I would ask here.
>
> In Linux (and presumably other *NIX systems that support it), when
> shadow passwords are enabled, the actual password is
Paul Rubin wrote:
> [EMAIL PROTECTED] writes:
> > My goal is to keep user passwords as safe as possible, assuming someone
> > did decide to steal the password files.
>
> How often will new accounts be added? I have an idea I might try to
> code up.
Frequently, I hope. Realistically, when I open
[EMAIL PROTECTED] writes:
> My goal is to keep user passwords as safe as possible, assuming someone
> did decide to steal the password files.
How often will new accounts be added? I have an idea I might try to
code up.
--
http://mail.python.org/mailman/listinfo/python-list
Paul Rubin wrote:
> [EMAIL PROTECTED] writes:
> > I had considered the hmac module. The thing that bugs me about it is
> > that I'd have to keep this secret key around someplace accessible to
> > the server. Most likely, this means storing it in a file.
>
> Yeah, this issue is traditionally a n
[EMAIL PROTECTED] writes:
> This is a password authentication system
> intended for a game server (a MUD/MMOG, in fact). The real limiting
> factor here is that I want to keep the server accessible via pure
> telnet protocol. Otherwise, using SSH would make sense.
If you're going to broadcast pa
This may only be tangentially related to Python, but since I am coding
a password authentication system in Python, I thought I would ask here.
In Linux (and presumably other *NIX systems that support it), when
shadow passwords are enabled, the actual password is not stored.
Instead an encrypted ve
First, I'd just like to say, wow, and thanks to both you and Sybren for
your fast responses. :) Twenty minutes is less time than it takes to
get an answer from some companies paid tech support. ;)
Paul Rubin wrote:
> There are two main issues:
>
> 1) Unix password hashing uses several different
[EMAIL PROTECTED] writes:
> Presumably, this is done using the crypt() system call (and,
> fortunuately, Python has a builtin crypt module!). Presumably, as
> well, this is at least somewhat secure, assuming a source of
> cryptographic randomness to use to choose the salt. Are SHA1 and MD5
> suit
10 matches
Mail list logo
