Eggheads: Encrypted passwords

Philip Richardson ppslim at ntlworld.com
Thu Feb 6 03:51:01 CST 2003


Hello Simon,

Wednesday, February 5, 2003, 5:05:41 PM, you wrote:

S> Philip Richardson wrote:

S> # .nickserv <mypass>
S> bind dcc n|- nickserv dcc:nickserv
S> proc dcc:nickserv {hand idx text} {
S>     # generated with '.tcl encrypt mypass botpass'
S>     set hash NVUGh14TaGR1
S>     puthelp "PRIVMSG nickserv :identify [decrypt $text $hash]
S> }

S> What the second one does: Saves a hash of the bot's pass, so that you 
S> don't need to walk around and remember it, you can just type in your own 
S> easy to remember password. You decide if its useful, I just thought I'd 
S> give a little inspiration.

  My guess he want to keep the autmated theme to the system. Where
  placing a line in init-server, or using the EVNT bind can be used to
  authenticate to services from the off.

  While your proof of concept code isn't flawed in anyway, nor is the
  idea behind it (it's one step short of being the most secure
  method), it can't be used in any way for the purpose of automation.

  The only way I can see of doing this, would be to use some Tcl
  "gets" during a startup script, to obtain a password from the
  console. Keeping the password only in memory while the bot is
  running.

  While this has it's weakneses to memory tracing, I can't see any
  other secure method.


S> Best regards,
S> Simon Shine

  Phil
-- 
Do you want fries with that :D
 Philip                          mailto:ppslim at ntlworld.com




More information about the Eggheads mailing list