egghelp/eggheads community Discussion of eggdrop bots, shell accounts and tcl scripts. 2006-08-13T10:52:09-04:00 https://forum.eggheads.org/app.php/feed/topic/12274 2006-08-13T10:52:09-04:00 2006-08-13T10:52:09-04:00 https://forum.eggheads.org/viewtopic.php?p=65431#p65431 <![CDATA[difference between encpass and encrypt]]>
True... Tho I'd like to see anyone using those to decrypt the passwd hash (without bruteforcing it). ;)
This won't help to decrypt but definatelly allow you to brute force it ;)
Does anyone remember why we don't use random salts and prepend it to the hash? (*nix-style)
Probably because you would have to recreate your userfile (password mainly) once again after you update your bot in current state. Eggheads never drastically redesigned project and never liked to break compatibility with previous version (they did it once) so it have to be done like now ;)

I also remember that it's possible to have diffrent HASHes even for different user's passwords in 1.9 ;)

Statistics: Posted by KrzychuG — Sun Aug 13, 2006 10:52 am

]]> 2006-08-13T07:35:45-04:00 2006-08-13T07:35:45-04:00 https://forum.eggheads.org/viewtopic.php?p=65428#p65428 <![CDATA[difference between encpass and encrypt]]>
Does anyone remember why we don't use random salts and prepend it to the hash? (*nix-style)
Not that it makes it that much harder to bruteforce, just takes alittle longer..

Statistics: Posted by nml375 — Sun Aug 13, 2006 7:35 am

]]> 2006-08-13T05:59:57-04:00 2006-08-13T05:59:57-04:00 https://forum.eggheads.org/viewtopic.php?p=65427#p65427 <![CDATA[difference between encpass and encrypt]]>
And no, encpass does'nt use a hardcoded key.
Well, it's using hardcoded SALTs to make encrypted passwords "compatible" with other Eggdrops ;)

Statistics: Posted by KrzychuG — Sun Aug 13, 2006 5:59 am

]]> 2006-08-12T13:51:08-04:00 2006-08-12T13:51:08-04:00 https://forum.eggheads.org/viewtopic.php?p=65415#p65415 <![CDATA[difference between encpass and encrypt]]>
Passwords are encrypted in a one-way fashion (use encpass for this).
"encrypt" however allows you to encrypt a string with a key, to later decrypt it using "decrypt" and that same key.

And no, encpass does'nt use a hardcoded key.
Thanks exactly what I search for, but I was not sure if it is really one-way or only faked hardcoded ;)

Statistics: Posted by keeper2 — Sat Aug 12, 2006 1:51 pm

]]> 2006-08-12T13:47:57-04:00 2006-08-12T13:47:57-04:00 https://forum.eggheads.org/viewtopic.php?p=65414#p65414 <![CDATA[difference between encpass and encrypt]]> "encrypt" however allows you to encrypt a string with a key, to later decrypt it using "decrypt" and that same key.

And no, encpass does'nt use a hardcoded key.

edit: This behaviour of course completely depends on the encryption-module you've chosen to use (most ppl stick with blowfish.mod).
You might wanna check the source of above mentioned module for further/deeper knowledges

Statistics: Posted by nml375 — Sat Aug 12, 2006 1:47 pm

]]> 2006-08-12T13:38:30-04:00 2006-08-12T13:38:30-04:00 https://forum.eggheads.org/viewtopic.php?p=65413#p65413 <![CDATA[difference between encpass and encrypt]]>
What password encpass use? Or is it a one way encryption?

Statistics: Posted by keeper2 — Sat Aug 12, 2006 1:38 pm

]]>