Eggheads: Encrypted passwords

Tom Laermans tom.laermans at powersource.cx
Tue Feb 4 13:14:01 CST 2003


At 16:24 04-02-2003, you wrote:

>This is possible, however, it would be no different to storing the
>password in plaintext.
>
>When you encrypt a string, you have to use a key. The key is used to
>encrypt a string, then decrypt the string into it's original form.

I think that even leaving the key in the source you still are a bit more 
secure. Someone reading over your shoulder or having a quick browse through 
your config file would see the encrypted password instead of the plaintext 
one, so it's a bit harder to memorize/steal, the attacker will have to go 
through some effort.

You shouldn't however get a false sense of security, since it's not really 
secure at all, but im(h)o better than nothing.

the blowfish (and probably all other eggdrop encryption modules) have 
encrypt/decrypt functions.

Tom
SiD3WiNDR @ Spidernet / Undernet




More information about the Eggheads mailing list