Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Encrypt and decrypt a string
Top Forums Shell Programming and Scripting Encrypt and decrypt a string Post 302505452 by Corona688 on Thursday 17th of March 2011 02:31:46 AM
Old 03-17-2011
Encrypting a password is useless when you can't keep it encrypted. The instant you decrypt it, it's vulnerable again.

No matter how cryptographically hard they are, the encryption and decryption methods are right there for anyone to see and copy-paste anyway. That just makes it sillier.

chmod will be a much better defense against snooping than a rube goldberg machine, but with some work you might be able to avoid using stored passwords at all, which would be a very good thing. Because:

Retrievably stored passwords are security hot potatoes and to be avoided. They're such a bad idea that sudo, su, ssh, scp, and sftp don't just avoid them, they're all specifically designed to stop you from using them too. You have to use third-party brute-forcing tools like expect to shoehorn stored passwords into them at all. A stored password is an absolute last resort.
Last edited by Corona688; 03-17-2011 at 03:39 AM..
 

10 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

Encrypt & Decrypt a String

Hi Everybody, I have a script that telnet another system. For some reasons, this is should be done by "root", so the root password has been written explicitly in this script, which mean any body read this script will know the root password of the other system. I think the solution is to write... (6 Replies)
Discussion started by: aldowsary
6 Replies

2. Shell Programming and Scripting

encrypt and decrypt password

how do i encrypt and decrypt a password (2 Replies)
Discussion started by: sanwish
2 Replies

3. Solaris

Decrypt Des file - then encrypt

Help.. I need to decrypt a file that was encrypted using DES 56 Bit. I have the encryption key and the block size used but no idea what utility to use.. I then need to encrypt the file using pgp and another key I have.. againt I dont know what utility to use. I am running solaris 9 .... ... (0 Replies)
Discussion started by: frustrated1
0 Replies

4. Shell Programming and Scripting

Encrypt and Decrypt script

Dear Experts, I am using one script name :volume.sh and its written in bash shell script. I just want to encrypt the script so that any one else cannot see it. please tell me the commands how to encrypt the script as well as to decrypt it. Regards, SHARY (9 Replies)
Discussion started by: shary
9 Replies

5. Shell Programming and Scripting

How to encrypt and decrypt a file

How to encrypt and decrypt a file using unix Command? Can any one help me? (2 Replies)
Discussion started by: laknar
2 Replies

6. Shell Programming and Scripting

Encrypt/Decrypt string with rsa keys

Hello, I wanted to know if there was a way to encrypt a string, not a file using openssl and then decrypt it? I cant seem to get it to work. This is what I have been trying but I'm not having much luck. encTxt=`echo "$1" | openssl dgst -sha1 -binary | openssl rsautl -sign -inkey... (1 Reply)
Discussion started by: tjones1105
1 Replies

7. Shell Programming and Scripting

Encrypt and Decrypt

I have script for all oracle prod db. I have hard coded the username / password. I need a mechanism to encode and decode the username / password in a shell script. Another challenge is I use the username and password in a Select command for oracle DB. How can call the decrypted... (2 Replies)
Discussion started by: ilugopal
2 Replies

8. Programming

Encrypt and Decrypt file using RIJNDAEL-128

Hi All, Can I use MCRYPT - (RIJNDAEL-128) / CBC mode to encrypt and decrypt a file? I am trying to find some sample C program on internet, which will encrypt and decrypt a file. But was not able to find any thing. Can some help me with the programming. Thanks. (1 Reply)
Discussion started by: Shre
1 Replies

9. Shell Programming and Scripting

Encrypt and decrypt the password in a Shell Script

Hello, I have the following UNIX shell script which connects to the teradata database and executes the SQL Queries. For this, I am passing database name, username and password. I don't want to reveal my password to anyone. So, is there any way that I can encrypt my password and read the... (2 Replies)
Discussion started by: ronitreddy
2 Replies

10. UNIX for Beginners Questions & Answers

Encrypt and Decrypt a File with Password

Hello, I have few files on unix which are payroll related and I need them to encrypt with password so others wouldn't see the data. I use ETL tool and would like to know the unix command that does encryption/decryption to use in the ETL. Thank you, Sri (3 Replies)
Discussion started by: eskay
3 Replies

LEARN ABOUT PHP

chpasswd

CHPASSWD(8)						    System Management Commands						       CHPASSWD(8)

NAME

       chpasswd - update passwords in batch mode

SYNOPSIS

       chpasswd [options]

DESCRIPTION

       The chpasswd command reads a list of user name and password pairs from standard input and uses this information to update a group of
       existing users. Each line is of the format:

       user_name:password

       By default the passwords must be supplied in clear-text, and are encrypted by chpasswd. Also the password age will be updated, if present.

       By default, passwords are encrypted by PAM, but (even if not recommended) you can select a different encryption method with the -e, -m, or
       -c options.

       Except when PAM is used to encrypt the passwords, chpasswd first updates all the passwords in memory, and then commits all the changes to
       disk if no errors occurred for any user.

       When PAM is used to encrypt the passwords (and update the passwords in the system database) then if a password cannot be updated chpasswd
       continues updating the passwords of the next users, and will return an error code on exit.

       This command is intended to be used in a large system environment where many accounts are created at a single time.

OPTIONS

       The options which apply to the chpasswd command are:

       -c, --crypt-method METHOD
	   Use the specified method to encrypt the passwords.

	   The available methods are DES, MD5, NONE, and SHA256 or SHA512 if your libc support these methods.

	   By default, PAM is used to encrypt the passwords.

       -e, --encrypted
	   Supplied passwords are in encrypted form.

       -h, --help
	   Display help message and exit.

       -m, --md5
	   Use MD5 encryption instead of DES when the supplied passwords are not encrypted.

       -R, --root CHROOT_DIR
	   Apply changes in the CHROOT_DIR directory and use the configuration files from the CHROOT_DIR directory.

       -s, --sha-rounds ROUNDS
	   Use the specified number of rounds to encrypt the passwords.

	   The value 0 means that the system will choose the default number of rounds for the crypt method (5000).

	   A minimal value of 1000 and a maximal value of 999,999,999 will be enforced.

	   You can only use this option with the SHA256 or SHA512 crypt method.

	   By default, the number of rounds is defined by the SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS variables in /etc/login.defs.

CAVEATS

       Remember to set permissions or umask to prevent readability of unencrypted files by other users.

CONFIGURATION

       The following configuration variables in /etc/login.defs change the behavior of this tool:

       SHA_CRYPT_MIN_ROUNDS (number), SHA_CRYPT_MAX_ROUNDS (number)
	   When ENCRYPT_METHOD is set to SHA256 or SHA512, this defines the number of SHA rounds used by the encryption algorithm by default (when
	   the number of rounds is not specified on the command line).

	   With a lot of rounds, it is more difficult to brute forcing the password. But note also that more CPU resources will be needed to
	   authenticate users.

	   If not specified, the libc will choose the default number of rounds (5000).

	   The values must be inside the 1000-999,999,999 range.

	   If only one of the SHA_CRYPT_MIN_ROUNDS or SHA_CRYPT_MAX_ROUNDS values is set, then this value will be used.

	   If SHA_CRYPT_MIN_ROUNDS > SHA_CRYPT_MAX_ROUNDS, the highest value will be used.

	   Note: This only affect the generation of group passwords. The generation of user passwords is done by PAM and subject to the PAM
	   configuration. It is recommended to set this variable consistently with the PAM configuration.

FILES

       /etc/passwd
	   User account information.

       /etc/shadow
	   Secure user account information.

       /etc/login.defs
	   Shadow password suite configuration.

       /etc/pam.d/chpasswd
	   PAM configuration for chpasswd.

SEE ALSO

       passwd(1), newusers(8), login.defs(5), useradd(8).

shadow-utils 4.5						    01/25/2018							       CHPASSWD(8)
All times are GMT -4. The time now is 10:41 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy