Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How can I encrypt or hide passwords in a Perl script?

I am working on Perl script that uses Expect to login via telnet to remote machines (don't ask, gotta use telnet). I also do perforce p4 login operations as necessary and use expect to pipe in the correct passwords. For now I just read passwords from clear text environment variable, i.e. export PASSWORD=password, which I know is no good security wise.

What's the best way to store passwords for scripts like these that need a lot of passwords for multiple systems? Encrypted in a text file somehow? Or something else?

Keep in mind I can't easily change the existing systems, like for example I can't really install SSH or anything like that.

like image 780
Ville M Avatar asked Mar 03 '09 00:03

Ville M


2 Answers

Probably your best way is to put the passwords in a separate file, and lock the security for that file down so only you have read access. Unfortunately, if you store an encrypted password in your script, you'll also have to store the decryption method, so an attacker can run the decryption and recover your password.

like image 141
Kevin Lacquement Avatar answered Sep 20 '22 20:09

Kevin Lacquement


There was a very similar question earlier, see my answer to it.

In short, a human has to kick off the chain of trust. Everything else is obfuscation.

like image 31
Schwern Avatar answered Sep 19 '22 20:09

Schwern