[BusyBox] how does passwd work

Ralph Siemsen ralphs at netwinder.org
Fri Feb 25 18:21:58 UTC 2005


Felix Domke wrote:

> I've understood the term "javascript" as he wants to "encrypt" (i.e.
> hash) the password on client-side, avoiding to transfer the plaintext
> password at all.

Oh I see.  For this to be worthwhile, one would also have to ensure that 
all future uses of the username/password are secured - e.g. no telnet and
no ftp traffic for example.  Unless this is done there is really no 
point in making the original "generate password" feature "nonsniffable".

> This can't be done in a portable way, you could transfer both md5 and
> des and look for a portable method to store the result into the
> corresponding file.

There are also locking and concurrent access issues for the system 
passwd/shadow files...

> I remember using a tool which was able to receive
> "username:password"-strings on stdin, which shipped with an old SuSE
> Linux. However, I wasn't able to either remember its name or to find
> something similar on my system. It was quite useful, dunno however if
> busybox supports something like this.

Maybe you are thinking of "htpasswd" which is part of the Apache web 
server?  It can generate such a password file, intended for use with 
.htaccess based authentication.

-Ralph


