[Freeciv-Dev] Re: Passwd auth with MD5 hash
To: Erik Sigra <sigra@xxxxxxx>
Cc: freeciv-dev@xxxxxxxxxxx
Subject: [Freeciv-Dev] Re: Passwd auth with MD5 hash
From: Trent Piepho <xyzzy@xxxxxxxxxxxxx>
Date: Tue, 21 Aug 2001 12:56:37 -0700 (PDT)

On Tue, 21 Aug 2001, Erik Sigra wrote:
> >
> > Still, even with ssh I can trojan the sshd on the other end to get the
> > password.  Sending the password encrypted does no good except against
> > sniffing attacks since the server has to decode the password to check it. 
> 
> Why would the server need to know the password to check it? Can't it just 
> compare encrypted versions?

No, it can't!  Think about it, the encrypted version is stored in the save
game file.  The encrypted version of a UNIX password is stored in the
/etc/passwd file* where everyone can read it.  If the server just compared the
encrypted (wrong term really, hashed is better) versions, then all you would
have to do is send the thing you see in the save game file to the server!  


* Yes, I know that if you use shadow passwords then the hash isn't world
readable.
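
The argument in the reply above, as an added Python example that is not part of the original post or of Freeciv's code: a server that only compares a client-supplied hash with the stored one accepts the stored value itself, while a server that hashes what it receives does not. The user name, password and the `SAVEGAME` dict are constructed stand-ins, and MD5 appears only because it is the hash named in the thread's subject.

```python
import hashlib
import hmac


def md5_hex(text: str) -> str:
    """Hex MD5 of a string, standing in for the hash kept in the save game."""
    return hashlib.md5(text.encode("utf-8")).hexdigest()


# Constructed stand-in for the save game file: player name -> stored hash.
SAVEGAME = {"erik": md5_hex("correct horse")}


def _matches(stored: str, candidate: str) -> bool:
    # Constant-time comparison of two hex strings.
    return hmac.compare_digest(stored.encode("utf-8"), candidate.encode("utf-8"))


def login_compare_hashes(user: str, client_sent_hash: str) -> bool:
    """Scheme from the quoted question: client sends a hash, server compares."""
    stored = SAVEGAME.get(user)
    return stored is not None and _matches(stored, client_sent_hash)


def login_hash_on_server(user: str, client_sent_password: str) -> bool:
    """Server receives the password itself and hashes it before comparing."""
    stored = SAVEGAME.get(user)
    return stored is not None and _matches(stored, md5_hex(client_sent_password))


def demo() -> dict:
    # The value anyone with read access to the save game file can see.
    value_in_file = SAVEGAME["erik"]
    return {
        "compare_hashes/real_password": login_compare_hashes("erik", md5_hex("correct horse")),
        # The stored hash works as the credential: no password was needed.
        "compare_hashes/value_from_file": login_compare_hashes("erik", value_in_file),
        "hash_on_server/real_password": login_hash_on_server("erik", "correct horse"),
        # Hashing on the server turns the file value into a different hash.
        "hash_on_server/value_from_file": login_hash_on_server("erik", value_in_file),
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```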


