Eggheads: Encrypted passwords
tom.laermans at powersource.cx
Tue Feb 4 13:14:01 CST 2003
At 16:24 04-02-2003, you wrote:
>This is possible, however, it would be no different to storing the
>password in plaintext.
>When you encrypt a string, you have to use a key. The key is used to
>encrypt a string, then decrypt the string into it's original form.
I think that even leaving the key in the source you still are a bit more
secure. Someone reading over your shoulder or having a quick browse through
your config file would see the encrypted password instead of the plaintext
one, so it's a bit harder to memorize/steal, the attacker will have to go
through some effort.
You shouldn't however get a false sense of security, since it's not really
secure at all, but im(h)o better than nothing.
the blowfish (and probably all other eggdrop encryption modules) have
SiD3WiNDR @ Spidernet / Undernet
More information about the Eggheads