Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Hello all,
I've got a script set-up and i'm interested to know how good if at all it is for its purpose, i have a file which gets source'd in my script to get a couple of variables which hold user and password information. Basically this file is called like so:
source /FILENAME
however just before its call i do this:
mcrypt -ud /FILENAME.nc
(i get asked to input the de-cryption pass phrase done manually when i run the script)
source /FILENAME
mcrypt -u /FILENAME
(asked to input the encryption pass phrase done manually when i run the script)
returns the file back to encrypted and then to /FILENAME.nc
Now its by now obviously sourced in the username and password, how easy or difficult is it to get those variables once my script has been run say in an ssh session, and how long if longer than the ssh session is closed, does the variables stay visiable, its almost acting like a password file obviously.
is this reasonable for keeping username and password safe from say trying to view the file and also if access on the box was gained, not that i expect it to be!! you just never know ??
Then everytime you need to check the password calculate the hash from the user input and compare it to the hash digest.
Hash functions aim to be easily calculated in one way but not in reverse. So attackers should have a hard time generating the original password from the hash value.
In cases you need the original password (e.g. for ssh sessions) you should use asymmetric authentication.
Last edited by brianmcgee; 10-02-2007 at 10:12 AM.
thats cool, but as the password, user name is only available unencrypted for no time at all i think it would still be ok. But second thoughts i could do away with that all together, and hash the password, and then when i run my script ask the user to enter the password and then compare the hashes, would that be just as good do people reckon its probably how people do it already? Especially as its sha hash and it always the same as long as the same key is used to generate the thing in the first place
Still looking for more information on how long a variable is kept alive for once source'd if anyone knows??
Cheers for the reply!
Last edited by helptonewbie; 10-02-2007 at 01:10 PM.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.