egghelp/eggheads community

Eggdrop TCL Password Emailer wanted!

2002-08-09T11:50:44-04:00

You could hack up blowfish to not encrypt passwords :)

Not that hard ... just gotta make the password encryption function return the plaintext password.

Statistics: Posted by guppy — Fri Aug 09, 2002 11:50 am

Eggdrop TCL Password Emailer wanted!

2002-08-09T05:15:36-04:00

Quite smply, yes you could do this.

It would not be secure though. Any system using plain text passwords is not secure.

Another option (or feature) to the second option I gave, is to provide a command fore the user to get the password changed himself.

EG, he sends a message to the bot "/msg bot neednewpass", the bot makes a new password, and e-mails it to him.

By all means use the first method, as it's perfectly possible, however, each user would have to give there e-mail address and re-give you there password. This is so it can be stored in plain text, seeing as there is no way to decrypt it.

Another option is to fish about in the modules directory on the eggdrop FTP server (ftp://ftp.eggheads.org/), there used to be a module, that would replace blowfish, so that plaintext passwords could be stored. However, this would 100% leave even global owners (and perminant) at risk.

Statistics: Posted by ppslim — Fri Aug 09, 2002 5:15 am

Eggdrop TCL Password Emailer wanted!

2002-08-08T12:26:01-04:00

Am I right is asuming that the authentication is hostname and password based? And that the password is that saved in eggdrops userfile?
If so, then the answer is no.
This is simply due to the fact that the password is encrypted when stored (encrypted full stop).

sh*t

isn't there a way to store text based passwords in a file besides(next to) the encrypted one? (in a secure location)

[cut]

There is another way around it.

Once a owner/master (who ever you pick to do the deed, but lets call him/her A) has varified that person B is who he/she ways they are, then a script can be set to dot he following.

Person A verifies who person B is.
Person A types a command on the bot, for example ".issuepass B". This will tell the bot that B is to be issued witha new password.
The bot will then generate a new random password (EG J4dDJD8e7), save it to the userfile, and either msg or e-mail person B to tell them (e-mail recomended).

well, thats exactly what i DON'T want to do, because i want to be rid of this, thats just the whole idea

Statistics: Posted by Guest — Thu Aug 08, 2002 12:26 pm

Eggdrop TCL Password Emailer wanted!

2002-08-08T05:36:10-04:00

Am I right is asuming that the authentication is hostname and password based? And that the password is that saved in eggdrops userfile?

If so, then the answer is no.
This is simply due to the fact that the password is encrypted when stored (encrypted full stop).

This encryption is a one way encryption, as such that it uses the plain text password as the text, and the plain text password as the key. As such, only having the plain text password can produce a password match.

There is simply no secure method of storing password in plain text, so that they can be sent to the user should he/she forget them.

There is another way around it.

Once a owner/master (who ever you pick to do the deed, but lets call him/her A) has varified that person B is who he/she ways they are, then a script can be set to dot he following.

Person A verifies who person B is.
Person A types a command on the bot, for example ".issuepass B". This will tell the bot that B is to be issued witha new password.
The bot will then generate a new random password (EG J4dDJD8e7), save it to the userfile, and either msg or e-mail person B to tell them (e-mail recomended).

Statistics: Posted by ppslim — Thu Aug 08, 2002 5:36 am

Eggdrop TCL Password Emailer wanted!

2002-08-08T05:08:49-04:00

I was wondering if anyone has any idea about how to make this work?

I run an eggdrop for my clan's channels, and want to expand it into doing more then opserving, i added a lot of scripts to it wich make it a happy critter and well used. but we (a mate of me and meself) are working on some scripts of our own and hope to make it an eggdrop people want on their channels! The idea is that people can request forgotten passwords to be delivered by email, previously set into his/her user info.

Anyone know a script that does just that? or is there a way to make it work? i am no TCL programmer pursang, to be exact i just started. but people nag me about passwords they forgot and that anoys me. Most functions on my eggdrop work through authentication only.

Can anyone help me please!

Statistics: Posted by Guest — Thu Aug 08, 2002 5:08 am