This has been rehashed many times here, over and over and over.
The way to prevent people from reading the file is to prevent them from reading it: chmod o-r filename ; chmod u-r filename ; chmod g-r filename ...and if they have access to root, you cannot protect something running on their machine alone.
shc will not work because they can just strip the text out of the file, or substitute a fake shell to grab the text when it runs.
encryption will not work because the instant you decrypt it to run it, it becomes vulnerable again.
"But what if I added code to (...?) inside the script?" Then you will have created an encrypted program which, if the hacker has any trouble decrypting it himself, politely decrypts itself for him should he try to run it. Dead-end.
What I'm wondering is, what does this password do? Does it connect to another server, a server under your control? Arrangements like that can be used.
ENCRYPT
echo "secretpassword" | openssl aes-256-cbc -a -salt
enter aes-256-cbc encryption password:
Verifying - enter aes-256-cbc encryption password:
U2FsdGVkX19T5h74/9HOtWBX4WoIggVKksYf7L1WBso=
DECRYPT
echo "U2FsdGVkX19T5h74/9HOtWBX4WoIggVKksYf7L1WBso=" | openssl aes-256-cbc -a -d -salt
enter aes-256-cbc decryption password:
secretpassword
How would he actually use this, though? If the script didn't contain a password for the password, it would have to ask for one every time. And if it did contain a password for the password, it would decrypt itself for the hacker's convenience just by running it.
And either way, it's still unprotected from interception before it gets sent to the shell.
I have a faint glimmer of an idea which involves an ssh server set up somewhere just to serve keys... But in the end, it always comes down to running the code somewhere else.
Last edited by Corona688; 01-23-2014 at 11:08 AM..
Hello, on my android device my app autosaves my password and it encrypts by TLS
im not politically exposed person, just regular entrepreneur. Should i worry if i loose my phone with TLS encrypted password? Or regular mortals or casual hackers are not able to crack it? (4 Replies)
i have an application that uses the encrypted password that's in the /etc/shadow file.
i copied the line for the particular username i was interested it in from shadow file and i pasted it into the password file of the application. the application is nagios.
this application allowed that... (5 Replies)
Hi
I wonder whether is possible to generate enrypted passwd for some user and paste it into /etc/shadow file ?
What kind of encryption is used in /etc/shadow file ?
ths for help. (1 Reply)
Hi folks,
What will be the easy way to decrypt encrypted passwords on MySQL table. Googling brought me many suggestions on crypt/decrypt running scripts. Please advise. TIA
Remark:
I think the encrypt function of MySQL uses the Unix crypt command to encrypt
B.R.
satimis (1 Reply)
Actually in my application there is an XML file. The password and the user name for the database that I need to access the development box is stored there.
But using some UNIX command I am able to access the raw content of the file and not the decrypted code for that password. When I am applying... (3 Replies)
We are currently using a script to copy the same encrypted password between our HP-UX and Solaris servers editing the trusted and shadow files directly. The encrypted password is only 13 characters long on both servers and decrypts the same way. Is there a way to copy this same string to Linux... (5 Replies)
I have a Solaris 5.9 server and need send information via SFTP automaticaly, and set my username and password encrypted. How can I do this?
Best regards (1 Reply)
I'm tasked to change a user's password on multiple Linux systems (RH v3). I though copying the encrypted password from one Linux /etc/shadow file to another would work but I was wrong.
The long term solution is to establish an openLDAP Directory service, but for now I'm stuck with a manual... (1 Reply)
Hi,
I do not want the plaintext password to appear in the netrc file. So I want to encrypt the password. Is there a way to encrypt the password and still make ftp to use the netrc ?
Thanks in advance.
-Gow:confused: (2 Replies)
