> I doubt so. That's the vulnerability of open source: if you can trace how
> the program unencrypts the password, you can decipher it yourself. On this
> view, proprietary closed programs are safer, even if not perfect (see how
> easy it is to break Windows and Office passwords...).
Bzzzt, wrong answer :)
The point is not to hide the method to decrypt a password, but to
use a method which is not reversible. See the crypt API. That's
why a good password is not easily cracked even when you get a copy
of /etc/password, even when the algorithm is perfectly known, and
the encrypted password is known too.
--
Vincent Penquerc'h
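
Added example (not part of the original message): a sketch of the one-way scheme the reply describes, in which a login is checked by re-hashing the attempt and comparing, never by decrypting. It uses PBKDF2 from Python's hashlib as a stand-in for the crypt API; the entry format, iteration count, account names and word list are assumptions constructed for the illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this example


def hash_password(password, salt=None):
    """Return a stored entry 'pbkdf2-sha256$iters$salt_hex$digest_hex'."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2-sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password, entry):
    """Check a login attempt by re-hashing it; nothing is ever decrypted."""
    scheme, iters, salt_hex, digest_hex = entry.split("$")
    if scheme != "pbkdf2-sha256":
        raise ValueError(f"unsupported scheme: {scheme}")
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iters)
    )
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def audit_weak(entries, wordlist):
    """Defender's audit: which accounts use a password from a known-weak list?"""
    found = {}
    for user, entry in entries.items():
        for word in wordlist:
            if verify_password(word, entry):
                found[user] = word
                break
    return found


# Constructed sample data: one weak and one strong password.
SAMPLE_ENTRIES = {
    "alice": hash_password("letmein"),
    "bob": hash_password("v9#Qd!rT2z-mellow-Harbor"),
}
WEAK_WORDS = ["password", "123456", "letmein"]

if __name__ == "__main__":
    print(audit_weak(SAMPLE_ENTRIES, WEAK_WORDS))
```

The algorithm, salt and digest are all visible in each entry, yet the only way to recover a password is to guess it and re-hash, which is why the audit flags the weak entry and not the strong one.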