Quote:
Originally Posted by
Ariean
I get it what you all are explaning me i may have to explain my client as well but I should have a approach first to deal this
No approach is better than what you have.
I mean that entirely literally -- not a figure of speech. Your aes256-encrypted passwords aren't safer than your base64-encoded passwords, or even your plaintext ones. It is exactly as safe as you'd expect
echo secret-password | encryption-program | decryption-program | application to be, for the exact same reason. That's not what encryption is for.
Quote:
my client/management is asking for encrypted passwords
Thought so. Last time this came up it was someone who'd been asked to build a wholly-encrypted laptop -- which he'd been informed had to
boot and run without typing in a password.
Consider that combination.
What, exactly, is being protected
from who? It's the exact same problem, just a lot more obvious.
Quote:
all these accounts/passwords are stored in file (.passwd) and this file should be protected as well as currently it has (-r--r--r--) permissions
Yes. That is bad. Reduce those permissions as much as possible, -r------- if you can get away with it. That it's owned by root isn't bad necessarily, but world-readable? Yikes!
Quote:
I can tweak the permissions but all the application shell scripts are owned by root
Are you saying you're not allowed to modify the application scripts, or that they all
run as root?
If the scripts don't contain passwords, it's not too dangerous to read them.
That the scripts are owned by root does not prevent them from being run as 'passworduser' by sudo.
Quote:
I am trying to figure out the approach i should built using the inputs from this thread and make my client happy.
Thank you.
Your client will be less than ecstatic to realize your sophisticated encryption has continued to decrypt even after the server has mysteriously left the building. Their expectations are simply unrealistic.
Cleaning up file permissions is a great start. Clamping down on who is allowed to use root for what is also a good idea, as is segregating the file somewhere it can't be used without sudo's help. File and user permissions are your primary job here, they will take the most work and do the most good.
Also explore what alternate schemes are available, like passwordless logins from very specific hosts or accounts, etc. This problem is why such things exist. It's almost impossible to keep plaintext passwords
perfectly safe.