LinuxQuestions.org
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Old 10-19-2017, 09:35 PM   #1
Jerry Mcguire
Member
 
Registered: Jul 2009
Location: Hong Kong SAR
Distribution: RedHat, Fedora
Posts: 201

Rep: Reputation: 31
Password Encryption


Hi all,

I came into a discussion with a colleague on password security. Could you hear the scenario and provide some opinion?

At work I have to manage a small application running on Linux that will log in automatically to a service on a regular basis. The login requires a login ID and a password. Naturally I will have to store the credentials locally for automation. To store the credentials, using open source algorithms, they can either be scrambled and stored in a file, or encrypted with keys and stored in some files.

Theoretically if someone can obtain these keys or files, then the credentials will be exposed.

My view is that there wouldn't be much difference if the plain credentials were stored in a file.

What do you think?


Jerry.
 
Old 10-20-2017, 08:00 AM   #2
TenTenths
Senior Member
 
Registered: Aug 2011
Location: Dublin
Distribution: Centos 5 / 6 / 7
Posts: 3,474

Rep: Reputation: 1553
If the whole server is compromised then you can assume that the credentials can be used.

On the other hand, if the script containing an encrypted password somehow "escapes" then without the decryption key it's useless.

In the past we've made use of a secure key-store server: at startup other servers have transferred and decoded keys into memory (actually /dev/shm) and used them from there. The advantage being that if the server is physically stolen and restarted the keys will no longer be in memory or on the device.

ANYWHERE that servers log in automatically to other servers is inherently a weakness if the client server is compromised.
 
Old 10-20-2017, 11:29 AM   #3
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 10,642
Blog Entries: 4

Rep: Reputation: 3933
I suggest that you store the keys – possibly scrambled, to make it less-than-trivially-easy to snatch – in a file with an r--/---/--- permissions mask, granting only the Owner of the file the ability to Read it. Then, be sure that the file is owned by the user-id that runs the application.

Now, secure the system so that no one can break into it.

Be sure also that the connection to the remote service uses cryptographic security, e.g. TLS/SSL. It is desirable that the connection uses digital certificates to further restrict who is capable of connecting to the remote service in the first place, but ex minimis be sure that the traffic is not passing over the Internet "in the clear."

Last edited by sundialsvcs; 10-20-2017 at 11:31 AM.
 
Old 10-22-2017, 09:57 PM   #4
Jerry Mcguire
Member
 
Registered: Jul 2009
Location: Hong Kong SAR
Distribution: RedHat, Fedora
Posts: 201

Original Poster
Rep: Reputation: 31
Thanks for your replies.

Let's say the following command is used to 'make' the plain credentials stored in ~/.foo not so plain.

Code:
[client@CLIENT ~]$ chmod 600 ~/.foo
[client@CLIENT ~]$ openssl enc -base64 -in ~/.foo > ~/.bar
[client@CLIENT ~]$ chmod 600 ~/.bar
The client account has shell /sbin/nologin.

To me, the security level of ~/.bar is not any higher than that of ~/.foo. This password encryption is nothing more than trickery.
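The two checks the thread circles around, owner-only mode on the credential file owned by the service account (post #3) and whether a "scrambled" copy is merely base64 like the openssl -base64 output in post #4, as an added Python example that is not code from any poster; the file names, credential values and temporary directory are constructed for the demonstration.

```python
import base64
import os
import stat
import tempfile


def audit_credential_file(path, expected_uid=None):
    """Return findings for a credential file; empty list means it passes.
    Checks follow the thread's advice: no group/other bits, owned by the
    account that runs the application (defaults to the current uid)."""
    findings = []
    st = os.lstat(path)
    if stat.S_ISLNK(st.st_mode):
        return ["symlink: credential path should be a regular file"]
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("mode %04o: group/other bits set, expected 0400 or 0600"
                        % stat.S_IMODE(st.st_mode))
    uid = os.getuid() if expected_uid is None else expected_uid
    if st.st_uid != uid:
        findings.append("owner uid %d: expected %d" % (st.st_uid, uid))
    return findings


def base64_only(data):
    """True if the content is line-wrapped base64 of printable text, i.e.
    key-free scrambling that anyone holding the file can reverse."""
    try:
        decoded = base64.b64decode(b"".join(data.split()), validate=True)
    except ValueError:          # binascii.Error is a ValueError subclass
        return False
    return bool(decoded) and all(32 <= b < 127 or b in (9, 10, 13) for b in decoded)


def demo():
    """Constructed scenario: a world-readable plaintext ~/.foo and a 0600
    base64 copy ~/.bar, the shape of the thread's chmod/openssl sequence."""
    d = tempfile.mkdtemp()
    foo, bar = os.path.join(d, ".foo"), os.path.join(d, ".bar")
    with open(foo, "wb") as f:
        f.write(b"login=client\npassword=hunter2\n")   # constructed sample
    os.chmod(foo, 0o644)                                # deliberately too open
    with open(foo, "rb") as src, open(bar, "wb") as dst:
        dst.write(base64.encodebytes(src.read()))      # wrapped like openssl -base64
    os.chmod(bar, 0o600)
    with open(bar, "rb") as f:
        bar_data = f.read()
    return {"foo_findings": audit_credential_file(foo),
            "bar_findings": audit_credential_file(bar),
            "bar_is_just_base64": base64_only(bar_data)}
```

Run on real paths, the audit flags permission drift while base64_only shows that a passing mode does not make the content any less plain, which is the poster's point.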