This is the new home of the egghelp.org community forum.
All data has been migrated (including user logins/passwords) to a new phpBB version.

For more information, see this announcement post. Click the X in the top right-corner of this box to dismiss this message.

difference between encpass and encrypt

Help for those learning Tcl or writing their own scripts.
Post Reply
k
keeper2
Voice
Posts: 12
Joined: Wed Jul 19, 2006 10:16 am

difference between encpass and encrypt

Post by keeper2 »

The topic says it. I dont really see a difference between encpass and encrypt, the only one is that using encrypt you can give a password for the encryption.

What password encpass use? Or is it a one way encryption?
Top
n
nml375
Revered One
Posts: 2860
Joined: Fri Aug 04, 2006 2:09 pm

Post by nml375 »

Passwords are encrypted in a one-way fashion (use encpass for this).
"encrypt" however allows you to encrypt a string with a key, to later decrypt it using "decrypt" and that same key.

And no, encpass does'nt use a hardcoded key.

edit: This behaviour of course completely depends on the encryption-module you've chosen to use (most ppl stick with blowfish.mod).
You might wanna check the source of above mentioned module for further/deeper knowledges
NML_375
Top
k
keeper2
Voice
Posts: 12
Joined: Wed Jul 19, 2006 10:16 am

Post by keeper2 »

nml375 wrote:Passwords are encrypted in a one-way fashion (use encpass for this).
"encrypt" however allows you to encrypt a string with a key, to later decrypt it using "decrypt" and that same key.

And no, encpass does'nt use a hardcoded key.
Thanks exactly what I search for, but I was not sure if it is really one-way or only faked hardcoded ;)
Top
User avatar
KrzychuG
Master
Posts: 306
Joined: Sat Aug 16, 2003 2:51 pm
Location: Torun, Poland
Contact:
Contact KrzychuG

Post by KrzychuG »

nml375 wrote: And no, encpass does'nt use a hardcoded key.
Well, it's using hardcoded SALTs to make encrypted passwords "compatible" with other Eggdrops ;)
Que?
Top
n
nml375
Revered One
Posts: 2860
Joined: Fri Aug 04, 2006 2:09 pm

Post by nml375 »

True... Tho I'd like to see anyone using those to decrypt the passwd hash (without bruteforcing it). ;)
Does anyone remember why we don't use random salts and prepend it to the hash? (*nix-style)
Not that it makes it that much harder to bruteforce, just takes alittle longer..
NML_375
Top
User avatar
KrzychuG
Master
Posts: 306
Joined: Sat Aug 16, 2003 2:51 pm
Location: Torun, Poland
Contact:
Contact KrzychuG

Post by KrzychuG »

nml375 wrote:True... Tho I'd like to see anyone using those to decrypt the passwd hash (without bruteforcing it). ;)
This won't help to decrypt but definatelly allow you to brute force it ;)
Does anyone remember why we don't use random salts and prepend it to the hash? (*nix-style)
Probably because you would have to recreate your userfile (password mainly) once again after you update your bot in current state. Eggheads never drastically redesigned project and never liked to break compatibility with previous version (they did it once) so it have to be done like now ;)

I also remember that it's possible to have diffrent HASHes even for different user's passwords in 1.9 ;)
Que?
Top
Post Reply

Return to “Scripting Help”