Home > Archive > PERL Beginners > August 2005 > encrypt the password stored in a file
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
encrypt the password stored in a file
|
|
| Ken Perl 2005-08-29, 3:55 am |
| The password used to access a ftp server is stored in a text file, the
perl program gets the password from the file, the pass it to the ftp
server for logon, this is the background.
The requirement is encrypt the password store in a more secure way,
and the perl program could still use the encrypted password to logon
the server. what algorithm should be used in this task?
| |
| Owen Cook 2005-08-29, 3:55 am |
|
On Mon, 29 Aug 2005, Ken Perl wrote:
> The password used to access a ftp server is stored in a text file, the
> perl program gets the password from the file, the pass it to the ftp
> server for logon, this is the background.
> The requirement is encrypt the password store in a more secure way,
> and the perl program could still use the encrypted password to logon
> the server. what algorithm should be used in this task?
Have a look at CPAN's Crypt::Simple
From the SYNOPSIS
use Crypt::Simple;
my $data = encrypt(@stuff);
my @same_stuff = decrypt($data);
Owen
| |
| JupiterHost.Net 2005-08-29, 9:55 pm |
|
Ken Perl wrote:
> The password used to access a ftp server is stored in a text file, the
> perl program gets the password from the file, the pass it to the ftp
> server for logon, this is the background.
> The requirement is encrypt the password store in a more secure way,
> and the perl program could still use the encrypted password to logon
> the server. what algorithm should be used in this task?
Any Crypt:: modules would help but then the way to unencrypt it is still
in a file. You be better off doing:
my $password = 'plaintext';
chown user:user config.pm
chmod 600 config.pm
that way only the user can read it so it can safely be in plain text.
Obscuring it is a lame way to do it because any moron with half sense
can figure out how you unobscure it if they have access to the file anyway.
Permissions, permission, permissions :)
HTH :)
| |
| Miguel Santinho 2005-08-30, 3:55 am |
| Em (On) Mon, Aug 29, 2005 at 12:36:32PM -0400, Bob Showalter escreveu (wrote):[color=darkred]
> Ken Perl wrote:
If someone can access your machine to get the password... then your problem
is not the way you encrypt that file, but the way you protect your machine.
;-)
--
+-----------------------------------------------------
| Simplicidade.com
| Consultoria em Tecnologias de Informação, Lda.
+-----------------------------------------------------
| Rua António Onofre, 4D
| 2870-220 Montijo - PORTUGAL
| Tel./Fax: +351 21 231 01 51
+-----------------------------------------------------
| info@simplicidade.com | http://www.simplicidade.com
+-----------------------------------------------------
| |
| Ken Perl 2005-08-30, 3:55 am |
| In fact, I are just writing a demo program used in a presentation,
when I open its config file through screen sharing, I don't want the
visiter see the plain text password.
On 8/30/05, Miguel Santinho <msantinho@simplicidade.com> wrote:
> Em (On) Mon, Aug 29, 2005 at 12:36:32PM -0400, Bob Showalter escreveu (wr=
ote):
e[color=darkred]
>=20
> If someone can access your machine to get the password... then your probl=
em
> is not the way you encrypt that file, but the way you protect your machin=
e.
> ;-)
>=20
> --
> +-----------------------------------------------------
> | Simplicidade.com
> | Consultoria em Tecnologias de Informa=E7=E3o, Lda.
> +-----------------------------------------------------
> | Rua Ant=F3nio Onofre, 4D
> | 2870-220 Montijo - PORTUGAL
> | Tel./Fax: +351 21 231 01 51
> +-----------------------------------------------------
> | info@simplicidade.com | http://www.simplicidade.com
> +-----------------------------------------------------
>=20
>=20
>=20
--=20
perl -e 'print unpack(u,"62V5N\"FME;G\!E<FQ`9VUA:6PN8V]M\"\@``
")'
| |
| JupiterHost.Net 2005-08-30, 6:56 pm |
|
Ken Perl wrote:
> In fact, I are just writing a demo program used in a presentation,
> when I open its config file through screen sharing, I don't want the
> visiter see the plain text password.
Why didn't you say so?
my $password =
'in_the_real_world_your_password_would_g
o_here_protected_from_prying_eyes_by_dec
ent_permissions_since_obscuring_it_is_as
_secure_as_covering_your_head_with_your_
arms_in_an_atomic_blast';
Done!
In other words, don't use a real password in the part they see...
| |
| Jose J. Cintron 2005-08-30, 6:56 pm |
| If it's just a demo, do a quick and dirty encryption yourself, for
example
- xor the password before storing it and xor it again before
using it.
my $string =3D "password";
my $encrypted_string =3D ~$string;
=09
<DO WHAT EVER YOU WANT NOW>
-----Original Message-----
From: JupiterHost.Net [mailto:mlists@jupiterhost.net]=20
Sent: Tuesday, August 30, 2005 08:38
To: beginners@perl.org
Subject: Re: encrypt the password stored in a file
Ken Perl wrote:
> In fact, I are just writing a demo program used in a presentation,=20
> when I open its config file through screen sharing, I don't want the
> visiter see the plain text password.
Why didn't you say so?
my $password =3D
'in_the_real_world_your_password_would_g
o_here_protected_from_prying_ey
es_by_decent_permissions_since_obscuring
_it_is_as_secure_as_covering_yo
ur_head_with_your_arms_in_an_atomic_blas
t';
Done!
In other words, don't use a real password in the part they see...
--
To unsubscribe, e-mail: beginners-unsubscribe@perl.org For additional
commands, e-mail: beginners-help@perl.org <http://learn.perl.org/>
<http://learn.perl.org/first-response>
|
|
|
|
|