General Password questions
G.A.
gafStopSpamData at ziplink.stopallspam.net
Tue Sep 30 16:23:59 EDT 2003
On Tue, 23 Sep 2003 18:02:37 +0200, Riccardo Attilio Galli
<riquito at riquito.matrix> wrote:
>english). A user should never enter the password again. I know how hashes
>work, and they're useful when I can compare an entered password with a
>hash value, but here I need that the user doesn't enter a password anymore
>(after the first time).
Better late than never: The only way to do this securely is to rely on the
operating system's security, and even that isn't always possible. I think
the NT/W2K model allows for encryption based on keys that only the specific
user can use (i.e. you have to actually be logged in as that user; I'm not
sure if the administrator can fake it). This won't work on 9X. On UNIX, a
close approximation is to just store the password in a file to which only
the user has read access, but obviously root will still have access.
Note that if the application supports multiple mail accounts for a single
user (as many do), then it becomes useful to have a single password for the
application, used to encrypt the various passwords for the different mail
accounts.
Gary
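
The UNIX approach described in the reply above (a password file that only the user can read), as an added example that is not part of the original message. The names store_password, load_password and InsecurePermissions are hypothetical, and root can still read the file, as the reply notes.

```python
import os
import stat
import tempfile


class InsecurePermissions(Exception):
    """Raised when the password file is accessible to anyone but its owner."""


def store_password(path, password):
    """Write the password to a file that has mode 0600 from the start."""
    directory = os.path.dirname(os.path.abspath(path))
    # mkstemp creates the file with mode 0600, so there is no window in
    # which a more permissive file holds the secret.
    fd, tmp = tempfile.mkstemp(dir=directory)
    try:
        with os.fdopen(fd, "w", encoding="utf-8") as handle:
            handle.write(password)
        os.replace(tmp, path)  # atomic rename over any older copy
    except BaseException:
        os.unlink(tmp)
        raise


def load_password(path):
    """Return the stored password, refusing a file others could access."""
    # O_NOFOLLOW: do not follow a symlink at the final path component.
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
    with os.fdopen(fd, "r", encoding="utf-8") as handle:
        info = os.fstat(handle.fileno())  # inspect the file actually opened
        if not stat.S_ISREG(info.st_mode):
            raise InsecurePermissions("not a regular file")
        if info.st_uid != os.geteuid():
            raise InsecurePermissions("file is owned by another user")
        if info.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
            raise InsecurePermissions("group or others have access")
        return handle.read()
```
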