Need opinions on 2 way encryption algorithms in perl


disrael
12-15-2003, 10:09 AM
Okay, I wrote a web-based CGI FTP program that has a scheduling system built into it. Since I included the scheduling system I have to write the user name, password and other information to a schedule.txt. To get to the point, I don't want and can't have the user's password in clear text, yet I need to be able to decrypt it if I encrypt it. I am thinking about utilizing RSA encryption and storing keys and the prime numbers into shell variables. I will then take those variables and use them to decrypt or encrypt the password. What do y'all think?
-Doron

bwkaz
12-15-2003, 07:57 PM
I think it'd be better to mimic how login and su take your password.

When you set your password, it gets run through a hashing formula that's not reversible by any known algorithm other than brute force (the old algorithm was DES, which limited the password length to 8 characters; the current one is MD5, which has an unlimited password length). Then the result of the hash is stored.

When you try to authenticate, it asks you for your password (after turning echoing off on the terminal), hashes whatever you type in, and compares the hash values. Because of certain mathematical properties of DES and MD5, the hashed value is extremely unlikely to match the hash of any string other than the real password, though it is possible.

Depending on what language you used to write the FTP program, you may already have access to crypt(), which is the Linux function that does this hashing. Check out man 3 crypt if it's written in C.

disrael
12-16-2003, 08:35 AM
I have used the crypt function before; however, I cannot use a one-way encryption. Since I will be holding their password for later authentication, if I do a one-way encryption, it will not be valid to authenticate with their server.
-Doron

bwkaz
12-16-2003, 08:26 PM
Oh, I thought your CGI was the FTP server. Or something -- now that I think about it more, that doesn't even make sense.

Never mind then... ;)

As for what to use, I'm not sure. You might be able to plug into GnuPG...

disrael
12-17-2003, 09:53 AM
Think of it as this: it is a web-based FTP client. Two features of it are an hourly scheduler and the ability to simultaneously upload to one or more servers at once, granted if you have the same user name and password.
-Doron