RE: [OT] Security in scripting languages

lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

Subject: RE: [OT] Security in scripting languages
From: "Vincent Penquerc'h" <Vincent.Penquerch@...>
Date: Fri, 15 Feb 2002 17:38:17 -0000

Title: RE: [OT] Security in scripting languages

> I doubt so. That's the vulnerability of open source: if you
> can trace how
> the program unencrypt the password, you can decypher it
> yourself. On this view,
> proprietary closed programs are safer, even if not perfect
> (see how easy it
> is to break Windows and Office passwords...).

Bzzzt, wrong answer :)
The point is not to hide the method to decrypt a password, but to
use a method which is not reversible. See the crypt API. That's
why a good password is not easily cracked even when you get a copy
of /etc/password, even when the algorithm is perfectly known, and
the encrypted password is known too.

--
Vincent Penquerc'h

Prev by Date: [OT] Security in scripting languages
Next by Date: RE: [OT] Security in scripting languages
Previous by thread: Re: [OT] Security in scripting languages
Next by thread: RE: [OT] Security in scripting languages
Index(es):
- Date
- Thread