AW: securing connection passwords

Fri, 17 Jul 2020 08:09:24 -0700 

>Guacamole need to know the password at connection time (in clear-text)
True.
> Even if the password is encrypted in the DB, it must be decryptable...
False (in general)
The user needs to enter the password anyway, thus it can be used to validate 
against salted/hashed/whatever version of password in database while also 
passing it in clear text to guacd (e.g. as password for RDP connection).
You only need to have a decryptable version if you use some other 
authentication (e.g. certificates) and need the clear text password to 
establish the connection.
Best Regards,
Joachim

-----Ursprüngliche Nachricht-----
Von: Antoine Roux <antoine.r...@esrf.fr> 
Gesendet: Friday, 17 July 2020 13:54
An: user@guacamole.apache.org
Betreff: Re: securing connection passwords

Hello Stephane,

MD5 is not a way to encrypt something, it's a hashing algorithm (not 
reversible).

Guacamole need to know the password at connection time (in clear-text) Even if 
the password is encrypted in the DB, it must be decryptable...

I don't think it's the right way to do something like you want.

Le 17/07/2020 à 13:44, stephane.lhotellier a écrit :
> Login passwords do not appear to be encrypted in the database.
> 
> Is it possible to encrypt them (MD5 or other) ?
> 
> 
> 
> --
> Sent from: 
> http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.co
> m/
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscr...@guacamole.apache.org
> For additional commands, e-mail: user-h...@guacamole.apache.org
> 

--
Antoine  Roux

                   ooo   ooo
                  d888b d888b
              ooo 88W88 88I88 ooo
             d888b Y88P Y88P d888b
             88S88  '`   `'  88X88
              Y8P' .od888bo. 'Y8P
                .od888888888bo.
               d888888888888888b
               88888888888888888
                Y8888888888888P
                 `Y888P"Y888P'

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscr...@guacamole.apache.org
For additional commands, e-mail: user-h...@guacamole.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscr...@guacamole.apache.org
For additional commands, e-mail: user-h...@guacamole.apache.org

Reply via email to