| Trolltech Home | Qt-interest Home | Recent Threads | All Threads | Author | Date | |
| All threads index page 1 | |
Happy New Year!
In my little password widget I have a line
key = crypt (p1.toAscii (), "$1$");
this works fine under Linux but what have I to do under Win32
to get a password key?
I use Qt 4.2 open source with MinGW.
Liebe Grüße, Nora.
nora@xxxxxxxxxxxxx
IM-NETZ Neue Medien, Berlin http://www.im-netz.de/
WWW von Frauen für Frauen, Hamburg http://www.w4w.net/
Lesbian Computer Networks, Helsinki http://www.sappho.net/
--
[ signature omitted ]
Hi, > In my little password widget I have a line > > key = crypt (p1.toAscii (), "$1$"); > > this works fine under Linux but what have I to do under Win32 > to get a password key? Which password? The above is the default password encryption function on Linux/Unix systems (MD5 or DES), but I think authentication is not necessarily based on crypt(). What are you trying to do? The context would help giving a better answer. You may want to have a look at SSPI, for example see: http://www.winterdom.com/dev/security/sspi.html -- [ signature omitted ]
Am 02. Januar 2007 um 11:53:43 +0100 schrieb Dimitri:
> Which password?
Let's assume the password is 'geheim'.
> The above is the default password encryption function on Linux/Unix
> systems (MD5 or DES), but I think authentication is not necessarily
> based on crypt().
If I do the following with above password
2002 [tova:~] =passwd nora
Changing password for user nora.
New UNIX password:
BAD PASSWORD: it is based on a dictionary word
Retype new UNIX password:
passwd: all authentication tokens updated successfully.
I wonder in which english dictionary one may find this password :)
but however, I get an encrypted string in '/etc/shadow'
2003 [tova:~] =grep nora /etc/shadow
nora:$1$7TVWvKhn$a3uLG0BarbmVuTQZ.bhFU0:13515:0:99999:7:::
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
The same can I do with 'crypt()' in C++ under Linux:
QString p1 = "geheim";
QString key = crypt (p1.toAscii (), "$1$");
// key contains now "$1$7TVWvKhn$a3uLG0BarbmVuTQZ.bhFU0" the
// very same string as in '/etc/shadow'
But, under Win32 I have no 'crypt()'. :'-(
Liebe Grüße, Nora.
nora@xxxxxxxxxxxxx
IM-NETZ Neue Medien, Berlin http://www.im-netz.de/
WWW von Frauen für Frauen, Hamburg http://www.w4w.net/
Lesbian Computer Networks, Helsinki http://www.sappho.net/
--
[ signature omitted ]
Hi, >> Which password? > > Let's assume the password is 'geheim'. The password of what? The user's authentication password? > If I do the following with above password > [...] > The same can I do with 'crypt()' in C++ under Linux: > > QString p1 = "geheim"; > QString key = crypt (p1.toAscii (), "$1$"); > // key contains now "$1$7TVWvKhn$a3uLG0BarbmVuTQZ.bhFU0" the > // very same string as in '/etc/shadow' But why would you want to do that? We're missing the general context? -- [ signature omitted ]
Am 02. Januar 2007 um 13:25:37 +0100 schrieb Dimitri:
> The password of what? The user's authentication password?
Yes.
> But why would you want to do that? We're missing the general context?
I have a little toplevel window containig 2 QLineEdit's. One have to
enter the (not shown) password twice. If they match, I generate an UNIX
system compatible MD5 key with 'crypt()' and put it in a MySQL table.
I hate storeing clear passwords in files or databases.
Liebe Grüße, Nora.
nora@xxxxxxxxxxxxx
IM-NETZ Neue Medien, Berlin http://www.im-netz.de/
WWW von Frauen für Frauen, Hamburg http://www.w4w.net/
Lesbian Computer Networks, Helsinki http://www.sappho.net/
--
[ signature omitted ]
On Tuesday 02 January 2007 14:05, Nora Etukudo wrote: > I have a little toplevel window containig 2 QLineEdit's. One have to > enter the (not shown) password twice. If they match, I generate an UNIX > system compatible MD5 key with 'crypt()' and put it in a MySQL table. > I hate storeing clear passwords in files or databases. So much was evident. Repeating the question of Dimitri: WHY do you do that? What do you secure with that password? Does it have to be Unix format? Or the native system format? May it be another format? Does it have to be compatible? If yes: with what? How secure is it supposed to be? Only against a few generally trusted people with local access and low motivation to crack? Is it available via Internet? Can huge amounts of money/trust be lost if one is cracked? You see: a simple ROT13 may be enough for you or the vaults of Fort Knox may not be secure enough depending on what you want to do. Konrad
Attachment:
Attachment:
pgpHyEgt3NKS8.pgp
Description: PGP signature
Message 7 in thread
Am 02. Januar 2007 um 15:30:34 +0100 schrieb Konrad Rosenbaum:
> Repeating the question of Dimitri: WHY do you do that?
I'm afraid, I can't follow you.
> Does it have to be Unix format?
This was convinient for me, so far. And, yes, it has to. There are
several other apps (Perl, PHP), which are dealing with the same keys.
I thought, handling with MD5 password keys in UNIX format which are
compatible to MySQL 'encrypt()' function too, might be the correct way.
> How secure is it supposed to be?
I don't know, but I thought the UNIX password keys where secure
enough for most situations.
I'm shure, many programs on Linux and *BSD use the same 'crypt()'.
Liebe Grüße, Nora.
nora@xxxxxxxxxxxxx
IM-NETZ Neue Medien, Berlin http://www.im-netz.de/
WWW von Frauen für Frauen, Hamburg http://www.w4w.net/
Lesbian Computer Networks, Helsinki http://www.sappho.net/
--
[ signature omitted ]
Message 8 in thread
Hi,
>> Repeating the question of Dimitri: WHY do you do that?
>
> I'm afraid, I can't follow you.
We aren't following you either. The question is not what you are doing,
but why you are doing it. We need the general context. What is the
password supposed to protect? How?
> This was convinient for me, so far. And, yes, it has to. There are
> several other apps (Perl, PHP), which are dealing with the same keys.
>
> I thought, handling with MD5 password keys in UNIX format which are
> compatible to MySQL 'encrypt()' function too, might be the correct way.
I suppose you could use a cryptography library for that. See that thread
for example:
http://lists.trolltech.com/qt-interest/2007-01/thread00014-0.html
--
[ signature omitted ]
Message 9 in thread
>> Does it have to be Unix format?
>
> This was convinient for me, so far. And, yes, it has to. There are
> several other apps (Perl, PHP), which are dealing with the same keys.
>
> I thought, handling with MD5 password keys in UNIX format which are
> compatible to MySQL 'encrypt()' function too, might be the correct
> way.
>
>> How secure is it supposed to be?
>
> I don't know, but I thought the UNIX password keys where secure
> enough for most situations.
>
> I'm shure, many programs on Linux and *BSD use the same 'crypt()'.
Ok, so if you're using MySQL then why not just let MySQL do the
encryption and decryption for you?
ENCODE(str,pass_str)
DECODE(crypt_str,pass_str)
And if your application must have this encrypted password, you can just
do the query:
SELECT ENCRYPT('hello', 'some password string');
Is this good enough for you? It's not very secure, but at least it's not
plain text, which is what seems to be your biggest concern.
--
[ signature omitted ]
Message 10 in thread
Am 02. Januar 2007 um 20:01:16 +0100 schrieb Marius Storm-Olsen:
> Ok, so if you're using MySQL then why not just let MySQL do the
> encryption and decryption for you?
Hhhrm. Well. Ok.
I'm not happy with this, but I will try it.
The PHP people will lough to me.
They have 'crypt()' which works on *NIX and Win32. :-/
Liebe Grüße, Nora.
nora@xxxxxxxxxxxxx
IM-NETZ Neue Medien, Berlin http://www.im-netz.de/
WWW von Frauen für Frauen, Hamburg http://www.w4w.net/
Lesbian Computer Networks, Helsinki http://www.sappho.net/
--
[ signature omitted ]
Message 11 in thread
Nora Etukudo wrote:
> Am 02. Januar 2007 um 20:01:16 +0100 schrieb Marius Storm-Olsen:
>
>> Ok, so if you're using MySQL then why not just let MySQL do the
>> encryption and decryption for you?
>
> Hhhrm. Well. Ok.
> I'm not happy with this, but I will try it.
>
> The PHP people will lough to me.
> They have 'crypt()' which works on *NIX and Win32. :-/
Well, if you _really_ want to do it the hard way you can always add an
encryption library to your application. Something like Crypto++ for
example. Version 5.4 was just released,and should compile cleanly with
MSVC 2003/2005 and MinGW.
http://www.cryptopp.com/#platforms
--
[ signature omitted ]
Message 12 in thread
On Tue, 2 Jan 2007 20:38:34 +0100
Nora Etukudo <nora@xxxxxxxxxxxxx> wrote:
> Hhhrm. Well. Ok.
> I'm not happy with this, but I will try it.
You can try to implement an MD5 or SHA1 algorithm, it is not difficult,
just 1 or 2 hours of coding and debugging.
These hashing algorithms are freely available on the internet, do not
forget to append a 'salt' on the password before hashing!
--
[ signature omitted ]
Message 13 in thread
Hi
I use the crypto lib which comes as part of OpenSSL
On 02/01/07, Nora Etukudo <nora@xxxxxxxxxxxxx> wrote:
> Am 02. Januar 2007 um 11:53:43 +0100 schrieb Dimitri:
>
> > Which password?
>
> Let's assume the password is 'geheim'.
>
> > The above is the default password encryption function on Linux/Unix
> > systems (MD5 or DES), but I think authentication is not necessarily
> > based on crypt().
>
> If I do the following with above password
>
> 2002 [tova:~] =passwd nora
> Changing password for user nora.
> New UNIX password:
> BAD PASSWORD: it is based on a dictionary word
> Retype new UNIX password:
> passwd: all authentication tokens updated successfully.
>
> I wonder in which english dictionary one may find this password :)
> but however, I get an encrypted string in '/etc/shadow'
>
> 2003 [tova:~] =grep nora /etc/shadow
> nora:$1$7TVWvKhn$a3uLG0BarbmVuTQZ.bhFU0:13515:0:99999:7:::
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
> The same can I do with 'crypt()' in C++ under Linux:
>
> QString p1 = "geheim";
> QString key = crypt (p1.toAscii (), "$1$");
> // key contains now "$1$7TVWvKhn$a3uLG0BarbmVuTQZ.bhFU0" the
> // very same string as in '/etc/shadow'
>
> But, under Win32 I have no 'crypt()'. :'-(
>
> Liebe Grüße, Nora.
>
> nora@xxxxxxxxxxxxx
> IM-NETZ Neue Medien, Berlin http://www.im-netz.de/
> WWW von Frauen für Frauen, Hamburg http://www.w4w.net/
> Lesbian Computer Networks, Helsinki http://www.sappho.net/
>
> --
> To unsubscribe - send a mail to qt-interest-request@xxxxxxxxxxxxx with "unsubscribe" in the subject or the body.
> List archive and information: http://lists.trolltech.com/qt-interest/
>
>
--
[ signature omitted ]