Educause Security Discussion mailing list archives

Re: Passwords and Secure SSO

From: Alan Amesbury <amesbury () OITSEC UMN EDU>
Date: Tue, 21 Dec 2004 10:15:35 -0600

Cal Frye wrote:

Sounds machine-specific. So when the user goes out to an Internet cafe
somewhere
he suddenly can't login to his Amazon.com account? Or do I misunderstand...


Actually, it *looks* machine-specific, too.  I tried downloading the
"Internet Explorer" version, but was prompted with some sort of .EXE
file.  I guess that won't work very well with IE for Mac.

Fortunately, I found the following platform-agnostic variant.  :-)

---------- Perl hack ----------

#!/usr/bin/perl -wT

# Gotta have SHA1
use Digest::SHA1 qw(sha1_base64);

# Some variables
my ($password, $domain);
my $result;

print "Password: ";
chop($password = <STDIN>);

print "Domain:  ";
chop($domain = <STDIN>);

$result = sha1_base64($password . $domain);
printf "Password:  %s\n", substr($result,0,16);

-------- End Perl hack --------




--
Alan Amesbury
OITSEC
University of Minnesota

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/groups/.

Current thread:

Passwords and Secure SSO Kay Sommers (Dec 20)
- <Possible follow-ups>
- Re: Passwords and Secure SSO Eric Pancer (Dec 20)
- Re: Passwords and Secure SSO Eric Pancer (Dec 20)
- Re: Passwords and Secure SSO Gary Dobbins (Dec 21)
- Re: Passwords and Secure SSO Cal Frye (Dec 21)
- Re: Passwords and Secure SSO Alan Amesbury (Dec 21)