[GNC] Recommendations for hosting gnucash file - Google Drive, Microsoft 365, Local server?
Chris Green
cl at isbd.net
Thu Sep 12 02:03:41 EDT 2024
On Wed, Sep 11, 2024 at 04:04:50PM -0500, R Losey wrote:
> On Wed, Sep 11, 2024 at 10:47 AM Chris Green <cl at isbd.net> wrote:
> > No, they're not. What's stored is the result of applying an algorithm
> > to the password you supply. So, you enter a password, the password is
> > 'scrambled' by the password checking software and, if the resulting
> > scramble matches your entry in the password file (actually the shadow
> > file nowadays) you can log in.
> >
> > In reality it's even a bit more complicated than this, but anyway the
> > password isn't stored in any way.
> >
>
> Your last sentence gave me a laugh; it directly contradicts your previous
> paragraph: "What's stored is the result of applying an algorithm to the
> password you supply" -- so the password IS stored in some encrypted fashion
No, it's impossible to get back to the password from the 'scrambled'
string. The **only** way to validate your password is to encrypt the
password you enter and then compare the result with the 'scrambled'
string.

In particular the only way to discover a password is to 'brute force'
it by trying zillions of possible passwords until one, when encrypted,
produces the required 'scrambled' string.
> -- at the very least something related to the password is indeed stored.
Well, yes, that's inevitable, otherwise how could your password be
checked! :-)

More relevant to the original question is that it's even more
difficult to break encryption like the above when the 'password' that
you're trying to obtain is actually a large chunk of text. Even if
you happen to know it's (say) 1000 characters long brute forcing it is
quite impossible.
--
Chris Green
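
The hash-and-compare check discussed in this message, as an added example that is not part of the original post and is not the code any real login system uses. The record layout, the PBKDF2 work factor and the 95-character alphabet are assumptions chosen for illustration.

```python
import hashlib
import hmac
import math
import os
from typing import Optional

ITERATIONS = 200_000  # assumed work factor for this example


def make_record(password: str, salt: Optional[bytes] = None) -> str:
    """Build the stored entry: iterations, salt and digest, never the password.

    The "iterations:salt:digest" layout is constructed for this example; it is
    not the format of a real shadow file.
    """
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"{ITERATIONS}:{salt.hex()}:{digest.hex()}"


def verify(candidate: str, record: str) -> bool:
    """Re-run the same one-way function on the candidate and compare results."""
    iterations, salt_hex, digest_hex = record.split(":")
    digest = hashlib.pbkdf2_hmac(
        "sha256", candidate.encode(), bytes.fromhex(salt_hex), int(iterations)
    )
    # Constant-time comparison, so timing does not reveal how many bytes matched.
    return hmac.compare_digest(digest, bytes.fromhex(digest_hex))


def keyspace_bits(length: int, alphabet_size: int = 95) -> float:
    """Bits of guessing work to try every string of this length.

    Assumes each character is drawn uniformly from the alphabet; ordinary
    prose is far more predictable than that.
    """
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    record = make_record("correct horse")  # constructed sample password
    print("stored entry:", record)
    print("right password accepted:", verify("correct horse", record))
    print("wrong password accepted:", verify("correct horsf", record))
    for n in (8, 1000):
        print(f"{n} characters: about {keyspace_bits(n):.0f} bits to brute force")
```

There is no function here that turns the stored entry back into the password; the only operations are hashing a guess and comparing.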