Share your knowledge at the LQ Wiki.
Go Back > Blogs > Musings on technology, philosophy, and life in the corporate world
User Name


Hi. I'm a Unix Administrator, mathematics enthusiast, and amateur philosopher. This is where I rant about that which upsets me, laugh about that which amuses me, and jabber about that which holds my interest most: Unix.
Rate this Entry

Silly trick to keep cleartext passwords off your hard-drive...

Posted 12-15-2008 at 04:08 PM by rocket357
Updated 12-15-2008 at 04:19 PM by rocket357

I "inherited" a password list for the servers I maintain. It's huge. I don't think I could memorize them all if I tried. Seriously, 200+ something machines, each with a root or administrator password, postgres or sa password, and user passwords for standard services? I'd do good to remember the passwords for *one* machine...

So I get this bright idea...I certainly don't want to store them electronically in plaintext without some safety desktop machine is running OpenBSD 4.4 so I'm not terribly worried about remote break-ins, but I do sometimes forget to lock my workstation when I wander off to get I wrote a little script to guard against the office gnomes...

Say hello to pycrypto (if you read my first post, you'd know I love Python heh). A quick "build script" that uses pickle, Crypto.Cipher and Crypto.Hash, and I have an encrypted on-disk dictionary of host_user:encrypted_password pairs. Another script to allow other scripts access to the passphrase challenge, and I'm in business.

I can now access any of my machines via a simple import, __init__(), get_site(<host_user>) script. It works beautifully, and it beats storing the passwords in an Excel file. I'll post the source for the build script and decrypt script if anyone wants to see.

Now the weak link is the master passphrase...which I could encrypt in *another* script which could have.....

heh, just kidding =)
Posted in Uncategorized
Views 1308 Comments 0
« Prev     Main     Next »
Total Comments 0




All times are GMT -5. The time now is 07:15 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration