RE: Hiding all copies of your PPP password
I believe that the solution is simple (for home systems which need only a
single secret in secret files):
Prompt the user to type his password each time he wants to start the PPP
connection.
Then the "personal vault" contents will be created from template files, which
have placeholders for the user's password.
When the connection is well-established, the "personal vault" will be
made to disappear.
If the user has a more complicated network setup, and needs to keep several
secrets, and other stuff like that, then he'll be prompted for the vault's password.
In this case, the vault will be persistent.
-=-=-
By the way, I have been thinking more about the new PPP script (with a view
of expanding it into a single-stop configuration+activation script for Linux newbies
and people who are too busy to bother with PPP setup details).
[Yes, I know about pppscript - but it did not work in a system where I tried
it, it does not meet the password hiding requirements, and according to my
experience it will need some improvements in order to work well with more
ISPs.]
But to develop it, I have to locate information about some subjects and in view
of Peter's flame (sent to me by private E-mail - about asking too many
newbie-like questions and asking the list to do my homework for me), I am now afraid
to ask the Linux-IL participants to help me quickly locate help files and HOWTOs
about those subjects (mounting an encrypted filesystem on a loopback device;
invoking CURSES-like selection/text entry dialogs from a perl script; recommendation
on the best and most secure way to invoke pppd from a regular user rather than
becoming root or using sudo or setting its SUID bit; how to do a secure wipe on
files to be erased), so I'll have to search for them myself - in addition to code
development.
Is there anyone on Linux-IL who loves to look for information and excels in this,
and is willing to volunteer to look for information and can help me concentrate
on original code development (in exchange for acknowledgement in the final
GPLed code)?
--- Omer
WARNING: by sending me unsolicited commercial/religious/political/M@ilPush
E-mail (known also as "spam") you irrevocably agree to pay me US$500.-
(plus any legal fees incurred by my trying to collect the above amount) per
unsolicited commercial/religious/political/M@ilPush E-mail message sent
to me - for the service of receiving it.
-----Original Message-----
From: Peter L. Peres [SMTP:plp@actcom.co.il]
Sent: Wed December 09 1998 0:07
What you are after is a personal vault. This is a small encrypted block of
data that can be mounted with the loop device only when needed. It is
opened by a password and data in it is accessed, then it is closed. There
remains the problem of where to store the password to open the crypted
block. The hen and the egg problem, so to say.
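
The template approach from the reply above (prompt for the password, fill a placeholder in a template, delete the file once the link is up), as an added Python example that is not part of either message. The `@PASSWORD@` marker, the sample template line and the quoting rule for the secret are assumptions.

```python
import os
import stat
import tempfile

PLACEHOLDER = "@PASSWORD@"  # hypothetical marker used in the template files
# Constructed sample template in pap-secrets layout: client, server, secret.
SAMPLE_TEMPLATE = '"user@isp.example" * @PASSWORD@\n'

def quote_secret(password):
    # Assumed pppd word rule: double quotes, backslash escapes the next char.
    if "\n" in password or "\r" in password:
        raise ValueError("password must be a single line")
    return '"' + password.replace("\\", "\\\\").replace('"', '\\"') + '"'

def render(template, password):
    # Fill every placeholder; refuse a template that has none.
    if PLACEHOLDER not in template:
        raise ValueError("template has no password placeholder")
    return template.replace(PLACEHOLDER, quote_secret(password))

def create_vault(path, content):
    # Owner-only from the first byte written; O_EXCL refuses a
    # pre-existing file or a symlink planted at the path.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as f:
        f.write(content)

def destroy_vault(path):
    # Best-effort overwrite, then unlink. Journaling filesystems and SSDs
    # may keep old blocks, so placing the file on tmpfs is the safer choice.
    size = os.path.getsize(path)
    with open(path, "r+b") as f:
        f.write(b"\0" * size)
        f.flush()
        os.fsync(f.fileno())
    os.unlink(path)

def demo():
    # Render, store, read back, remove; returns (mode, content, still_exists).
    workdir = tempfile.mkdtemp()
    path = os.path.join(workdir, "pap-secrets")
    create_vault(path, render(SAMPLE_TEMPLATE, 'p4ss "word'))  # constructed password
    mode = stat.S_IMODE(os.stat(path).st_mode)
    with open(path) as f:
        content = f.read()
    destroy_vault(path)
    os.rmdir(workdir)
    return mode, content, os.path.exists(path)
```

In real use the password would come from `getpass.getpass()` rather than a literal, and `destroy_vault` would run once pppd reports that the link is up.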