lua-users home
lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]


Title: RE: [OT] Security in scripting languages

> I doubt so. That's the vulnerability of open source: if you
> can trace how
> the program unencrypt the password, you can decypher it
> yourself. On this view,
> proprietary closed programs are safer, even if not perfect
> (see how easy it
> is to break Windows and Office passwords...).

Bzzzt, wrong answer :)
The point is not to hide the method to decrypt a password, but to
use a method which is not reversible. See the crypt API. That's
why a good password is not easily cracked even when you get a copy
of /etc/password, even when the algorithm is perfectly known, and
the encrypted password is known too.

--
Vincent Penquerc'h