Re: Is there any way...

David Schwartz
Fri, 27 Feb 1998 00:17:22 -0500

Why not just have the user type in the secret? Otherwise, how do you
know the real user is even there? If I understand your application, you
don't want the decrypted password to be available to anyone but the real
user, hence the real user is going to have to prove his identity somehow.
The only way to do that is for him to enter some unique identifier.

An internal kernel secret would not be useful because the kernel has no
idea which particular warm body is talking to it.


>>>On Tue, 24 Feb 1998, David Schwartz wrote:
>>>> >I want a very simple thing: to be able to
>>>> >encrypt AND DECRYPT password.
>>>> You don't mean that. If everyone else can decrypt my password, why
>>>> encrypt it? Perhaps you mean that they can _validate_ my password?
>>>Perhaps he wants to do password storage, a la Windows dialup networking.
>> If that were the case, he'd only want the password's owner to be able to
>>decrypt it. He has to clarify his requirements and what he's trying to do in
>>order for us to figure out what he wants. I invite the original author to
>>email me more details of exactly what he's trying to do and I'll be happy to
>>mail him back a summary of different encryption technologies and how they
>>could be used to meet his requirements.
>Hi !
>I'm the original author of this thread.
>Here is the actual problem I'm trying to resolve:
>The Time Warner RoadRunner cable service client
>for Linux (rrclientd-1.3.tar.gz)
>uses Kerberos protocol and Kerberos utilities
>"kinit", "kdestroy", etc for authentication.
>To do so automatically it stores the
>_unencrypted_ password in /etc/rrpasswd file.
>I think it sucks to use Kerberos while having
>unencrypted password written down on your hard drive.
>Sort of post office with tanks..
>So I would like to be able to have _encrypted_ password
>in /etc/rrpasswd while at the same time have only the
>real owner be able to decrypt it and pass to "kinit",
>providing the source code of all utilities is public.
>This poses kind of a puzzle since encryption and
>subsequent decryption of the password requires
>some "secret string" which only owner of the password
>may know, but storing this "secret string" anywhere
>defeats the purpose..
>I posted my question on linux-kernel list because
>I thought to use some "internal" kernel global variable
>as a "secret" providing there is such variable which is
>unique for each user and unknown to other users.
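
The approach suggested in the reply at the top of this message (the user types the secret each time), sketched as an added example that is not part of the original thread or of rrclientd: the stored password is encrypted under a key derived from a typed passphrase, so nothing that can decrypt it is kept on disk. The file layout, function names and sample values are assumptions, and the HMAC-based stream cipher is a standard-library stand-in for an authenticated cipher such as AES-GCM.

```python
import hashlib
import hmac
import os

# Assumed file layout (not rrclientd's): salt(16) | nonce(16) | ciphertext | tag(32)
SALT_LEN, NONCE_LEN, TAG_LEN = 16, 16, 32

def _keys(passphrase, salt):
    # scrypt makes every passphrase guess costly for anyone who copies the file.
    okm = hashlib.scrypt(passphrase.encode(), salt=salt, n=2**14, r=8, p=1,
                         maxmem=64 * 1024 * 1024, dklen=64)
    return okm[:32], okm[32:]  # (encryption key, MAC key)

def _xor_stream(key, nonce, data):
    # Stand-in cipher: HMAC-SHA256 in counter mode; use a real AEAD in production.
    stream = b""
    counter = 0
    while len(stream) < len(data):
        block = nonce + counter.to_bytes(8, "big")
        stream += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(password, passphrase):
    """Encrypt the service password under a key derived from the typed passphrase."""
    salt, nonce = os.urandom(SALT_LEN), os.urandom(NONCE_LEN)
    enc_key, mac_key = _keys(passphrase, salt)
    ct = _xor_stream(enc_key, nonce, password.encode())
    tag = hmac.new(mac_key, salt + nonce + ct, hashlib.sha256).digest()
    return salt + nonce + ct + tag

def unseal(blob, passphrase):
    """Return the password, or raise ValueError on a wrong passphrase or altered file."""
    if len(blob) < SALT_LEN + NONCE_LEN + TAG_LEN:
        raise ValueError("truncated file")
    salt, nonce = blob[:SALT_LEN], blob[SALT_LEN:SALT_LEN + NONCE_LEN]
    ct, tag = blob[SALT_LEN + NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    enc_key, mac_key = _keys(passphrase, salt)
    expected = hmac.new(mac_key, salt + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # verify before decrypting
        raise ValueError("wrong passphrase or modified file")
    return _xor_stream(enc_key, nonce, ct).decode()

if __name__ == "__main__":
    blob = seal("constructed-service-password", "constructed passphrase")
    print(len(blob), "bytes would be written to the password file")
    print(unseal(blob, "constructed passphrase"))
```

The trade-off is the one the reply points out: the client can no longer start unattended, because someone has to be present to type the passphrase.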
