[BusyBox] how does passwd work
Ralph Siemsen
ralphs at netwinder.org
Fri Feb 25 18:21:58 UTC 2005
Felix Domke wrote:
> I've understanded the term "javascript" as he wants to "encrypt" (i.e.
> hash) the password on client-side, avoiding to transfer the plaintext
> password at all.
Oh I see. For this to be worthwhile, one would also have to ensure that
all future uses of the username/password are secured - eg. no telnet and
no ftp traffic for example. Unless this is done there is really no
point in making the original "generate password" feature "nonsniffable".
> This can't be done in a portable way, you could transfer both md5 and
> des and look for a portable method to store the result into the
> corresponding file.
There are also locking and concurrent access issues for the system
passwd/shadow files...
> I remember using a tool which was able to receive
> "username:password"-strings on stdin, which shipped with an old SuSE
> Linux. However, i wasn't able to either remember it's name nor to find
> something similiar on my system. It was quite useful, dunno however if
> busybox support something like this.
Maybe you are thinking of "htpasswd" which is part of the Apache web
server? It can generate such a password file, intended for use with
.htaccess based authentication.
-Ralph
More information about the busybox
mailing list