Hi, as you probably know, passwords stored in the GnuGk configuration using addpasswd, are merely obfuscated and can be recovered. For passwords in [GkStatus::Auth] I have now implemented to only store the password hash. From the hash, the password cannot be recovered, but GnuGk can check if the user has entered the correct password. The code is in the CSV and passwords now look like this: [GkStatus::Auth] rule=password jan=PBKDF2:9e9bc1079db3b2ae-57d230bbe9ea494c843f454999c80d422df6c2d6da7514b933bd4267abf22555 If anybody is able to recover the password until next week, I'll think of a nice price. Hint: It only contains letters, no digits or special characters as you should be using. You are invited to examine the code (function PBKDF2_Digest()). Its rather short (40 lines) and required no H.323 knowledge, just regular programming skills. http://openh323gk.cvs.sourceforge.net/viewvc/openh323gk/openh323gk/addpasswd/addpasswd.cxx?revision=1.4&view=markup I'd love to extend this to other passwords stored in the config, but in most cases GnuGk needs access to the plaintext password. Regards, Jan -- Jan Willamowius, Founder of the GNU Gatekeeper Project EMail : jan@xxxxxxxxxxxxxx Website: http://www.gnugk.org Support: http://www.willamowius.com/gnugk-support.html Relaxed Communications GmbH Frahmredder 91 22393 Hamburg Geschäftsführer: Jan Willamowius HRB 125261 (Amtsgericht Hamburg) USt-IdNr: DE286003584 ------------------------------------------------------------------------------ _______________________________________________________ Posting: mailto:Openh323gk-users@xxxxxxxxxxxxxxxxxxxxx Archive: http://sourceforge.net/mailarchive/forum.php?forum_name=openh323gk-users Unsubscribe: http://lists.sourceforge.net/lists/listinfo/openh323gk-users Homepage: http://www.gnugk.org/
