LinuxQuestions.org
Old 10-08-2012, 02:17 PM   #1
dmiller7896
LQ Newbie
 
Registered: Sep 2006
Posts: 1

using a hashed password file


I'm looking for an encryption utility/software that will help me do the following: I have a script that runs periodically that will look at a file containing an SQL password which it uses to perform a DB query and return the results to a reporting engine. I would like to encrypt the file (or the password), but don't want to put the passphrase into the script (defeating the purpose of the encryption). I was wondering if it is possible to have the script fetch an encrypted (but not hashed) password out of a file and send it to a utility to get the real password in order to perform the SQL queries, and if so, what is the utility/program/software package?

Last edited by dmiller7896; 10-08-2012 at 02:44 PM.
 
Old 10-08-2012, 09:00 PM   #2
chrism01
Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.5, Centos 5.10
Posts: 16,301

But then you'd have to send the encryption key in order for the utility to un-encrypt the password... unless you plan to hard code that key into the utility ...

It's the classic problem for auto de-crypting without leaving the key lying around ..

One soln is to supply the key (manually) on prog start-up and make the prog a daemon, so it only has it stored in memory.

Another is to have the key stored elsewhere and have the prog use an ssh-auth-key to go get it.
See also ssh-agent, which creates an env that can store the auth in memory for any process in the same tree.

This qn should produce some interesting answers...
 
Old 10-10-2012, 02:03 PM   #3
sneakyimp
Member
 
Registered: Dec 2004
Posts: 795

Isn't this like the problem where you have an SSL cert for your apache install? When your server reboots and apache starts again, you either have to A) make arrangements for the password to be supplied to apache on startup OR B) you have to decrypt your private key and just leave it stored on the file system somewhere. I don't think I've ever seen anyone opt for arrangement A. If your server reboots, memory is wiped, and there's no one around to supply the password.

I'm curious about what chrism01 has described, but I believe that most practical situations require that you store the password somewhere on your file system. It's a chicken/egg problem. If it's not stored on the file system, the machine is helpless to get started without your help or without retrieving the password from somewhere. I can imagine the machine might have a *different* password that it uses to authenticate with some external system to ask nicely for the password and then move along, but then you have the issue of this sensitive password getting passed around.
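Added example, not written by any poster in this thread: if the password does end up stored on the file system, as the last reply expects, the periodic script can at least refuse to use the file unless it is a regular file, owned by the user running the script, with no group or other access. The function name `read_secret` and the path in the usage comment are hypothetical, and GNU `stat` is assumed.

```shell
#!/bin/sh
# Added example: read a stored DB password only if its file is locked down.
# read_secret and the path in the usage comment are hypothetical names.

read_secret() {
    f=$1
    # Reject symlinks and anything that is not a regular file.
    if [ -L "$f" ] || [ ! -f "$f" ]; then
        echo "read_secret: $f is not a regular file" >&2
        return 1
    fi
    # GNU stat: %a = octal permission bits, %u = numeric owner uid.
    info=$(stat -c '%a %u' -- "$f") || return 1
    mode=${info% *}
    owner=${info#* }
    if [ "$owner" != "$(id -u)" ]; then
        echo "read_secret: $f is not owned by the current user" >&2
        return 1
    fi
    # Any group/other bit (mask 077) means another account may read the file.
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "read_secret: $f has mode $mode, expected 600 or stricter" >&2
        return 1
    fi
    # First line only; IFS= and -r keep spaces and backslashes intact.
    secret=
    IFS= read -r secret < "$f" || true
    if [ -z "$secret" ]; then
        echo "read_secret: $f is empty" >&2
        return 1
    fi
    printf '%s' "$secret"
}

# Usage inside the periodic script (path is a placeholder):
#   DB_PASS=$(read_secret "$HOME/.reportdb.pw") || exit 1
# Hand $DB_PASS to the DB client through its option file or stdin rather than
# a command-line argument, which other local users can see in ps output.
```

This does not solve the key-storage problem the thread describes; it only narrows who on the machine can read the stored password.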
 
  


All times are GMT -5. The time now is 03:42 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration