in reply to popping or shifting a line off a file

I would like to point out that this scheme is quite insecure. If someone grabs your file, your security is toast. A much more robust approach has been devised by the fine folks at Bellcore and is discussed here and here. Those documents contain a nice description of how this scheme works.

In layman terms, what you do is choose a 'seed' phrase and the number of keys to generate. Then you apply a secure hash algorithm to the seed phrase said number of times. In the reference I mentioned before, they talk about MD4. Nowadays, MD5 (and for some applications, MD160) are better options.

With this scheme, your server would just need to keep track of the last succesfully authenticated key and its sequence, as all of them can be generated by using the pass or seed phrase, which might be easier to hide or protect. This has the added benefit that the legitimate users, knowing the seed phrase, could use automated means to generate the required key.

A quick search on CPAN reveals that a lot of the work as already been done.

Hope this helps.

  • Comment on Re: popping or shifting a line off a file

Replies are listed 'Best First'.
Re: Re: popping or shifting a line off a file
by nmerriweather (Friar) on Jul 29, 2002 at 01:11 UTC
    thanks thats about 10000000 times more secure than needed for this application though :)
[reply]
      Well, it seems that you are at least a little bit concerned with security, otherwise you would not be cooking up a password scheme in the first place. You may as well do it right, if for no other reason than to get in the habit when a situation does call for higher security. Also, who is to say that this application will not require higher security in the future? If you implement a bad scheme now, you forget about it until someone hacks it. Bad mojo.

      thor

[reply]
      That's what you say now, but what are you going to say after
      some "black hat" rootshell's your machine?
[reply]

In Section Seekers of Perl Wisdom