Silly trick to keep cleartext passwords off your hard-drive...
I "inherited" a password list for the servers I maintain. It's huge. I don't think I could memorize them all if I tried. Seriously, 200+ something machines, each with a root or administrator password, postgres or sa password, and user passwords for standard services? I'd do good to remember the passwords for *one* machine...
So I get this bright idea...I certainly don't want to store them electronically in plaintext without some safety mechanism...my desktop machine is running OpenBSD 4.4 so I'm not terribly worried about remote break-ins, but I do sometimes forget to lock my workstation when I wander off to get coffee...so I wrote a little script to guard against the office gnomes...
Say hello to pycrypto (if you read my first post, you'd know I love Python heh). A quick "build script" that uses pickle, Crypto.Cipher and Crypto.Hash, and I have an encrypted on-disk dictionary of host_user:encrypted_password pairs. Another script to allow other scripts access to the passphrase challenge, and I'm in business.
I can now access any of my machines via a simple import, __init__(), get_site(<host_user>) script. It works beautifully, and it beats storing the passwords in an Excel file. I'll post the source for the build script and decrypt script if anyone wants to see.
Now the weak link is the master passphrase...which I could encrypt in *another* script which could have.....
heh, just kidding =)
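The design described above (a passphrase-protected dictionary with a `get_site` lookup), as an added example that is not the author's script: it uses only the standard library, so PBKDF2 derives the keys and an HMAC-SHA256 counter-mode keystream stands in for the Crypto.Cipher call, with an HMAC tag checked before anything is parsed. Assumptions: the names `seal`, `Vault` and `ITERATIONS`, JSON in place of pickle, and encrypting the whole dictionary rather than each value are choices made for this example.

```python
import hashlib, hmac, json, os

ITERATIONS = 200_000  # PBKDF2 work factor (assumed value; tune for your hardware)

def _keys(passphrase, salt):
    # Stretch the master passphrase, then split into separate encryption and MAC keys.
    k = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, ITERATIONS, dklen=64)
    return k[:32], k[32:]

def _keystream_xor(key, nonce, data):
    # Stand-in for the AES call: HMAC-SHA256 over nonce||counter gives 32-byte blocks.
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + (i // 32).to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)

def seal(passphrase, entries):
    """Build step: encrypt a {host_user: password} dict into one opaque blob."""
    salt, nonce = os.urandom(16), os.urandom(16)  # fresh per write, stored in the clear
    enc_key, mac_key = _keys(passphrase, salt)
    ct = _keystream_xor(enc_key, nonce, json.dumps(entries).encode())
    tag = hmac.new(mac_key, salt + nonce + ct, hashlib.sha256).digest()
    return salt + nonce + tag + ct

class Vault:
    """Decrypt step: other scripts import this, pass the passphrase, call get_site()."""
    def __init__(self, passphrase, blob):
        salt, nonce, tag, ct = blob[:16], blob[16:32], blob[32:64], blob[64:]
        enc_key, mac_key = _keys(passphrase, salt)
        expected = hmac.new(mac_key, salt + nonce + ct, hashlib.sha256).digest()
        # Verify first: a wrong passphrase or a modified file stops here, unparsed.
        if not hmac.compare_digest(tag, expected):
            raise ValueError("wrong passphrase or corrupted vault")
        self._entries = json.loads(_keystream_xor(enc_key, nonce, ct))

    def get_site(self, host_user):
        return self._entries[host_user]
```

With pycryptodome (the maintained successor to pycrypto) installed, AES-GCM from Crypto.Cipher can replace `_keystream_xor` and the separate HMAC tag.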