Beefy Boxes and Bandwidth Generously Provided by pair Networks
Pathologically Eclectic Rubbish Lister
 
PerlMonks  

Re: Password Encryption and Decryption

by JavaFan (Canon)
on Mar 23, 2012 at 19:13 UTC ( #961293=note: print w/ replies, xml ) Need Help??


in reply to Password Encryption and Decryption

Are you sure you want to use an encryption method that allows for decryption? That is not what most people consider to be a secure way of dealing with passwords. And it's hardly more secure than storing them in plain text.


Comment on Re: Password Encryption and Decryption
Re^2: Password Encryption and Decryption
by slayedbylucifer (Scribe) on Mar 23, 2012 at 19:22 UTC

    I am not sure whether I really want what you have asked. But I have to pass the REAL password to my application because it will never recognize a crypted password. BTW, I am logging to my application with my Active Directory Account and hence I am providing the my AD password in clear text format in my script. So I wanted not to write it in clear text and rather have it in the encrypted form and then decrypt it on the fly every time the script runs. THis is the reason I need a decryption mechanism.

    Please do let me know if am thinking in wrong direction.

      What makes this more secure than storing passwords in plain text? If a program can automatically decrypt the passwords, an attacker can as well - he'd just run the program. Of course, you could protect the "encrypted" password with a password, but than you're back to the beginning, aren't you?

        Ok, so then is there a way I can have my script without a clear text password and still make it work?....

        My application will accept only AD password in their REAL form. Because sending an encrypted password to the application will get me access denied as that would be a wrong password.

        The application provides Perl API for automating task. So, I wanted to know is there a way to get this done in perl.

        Thanks.

      If you need to authenticate your users against a LDAP (like Active Directory), you have not to store user's passwords at all. You need not to store them.

      You need to use LDAP authentication for your appliation, when the user insert the login/password pair, you forward these info to Active Directory and if it confirms you know that the user is authenticated in that system.

Re^2: Password Encryption and Decryption
by jose_m (Acolyte) on Mar 25, 2012 at 22:22 UTC

    use a password file and cat that file to get the password when you need it. i agree with everyone here encrypting and decrypting is futile since an attacker can just run your decrypter and get the file.

      i agree with everyone here encrypting and decrypting is futile

      Fair enough, 'everyone' is saying don't encrypt/decrypt passwords. That might lead someone to the (incorrect) conclusion that 'everyone' thinks passwords should just be stored in plain text.

      What 'everyone' was failing to say is that the correct approach is to stored hashed passwords rather than encrypted passwords.

        No, noone is failing to say that. Everyone but you is realizing that storing a hashed password isn't going to solve the OPs problem.

        Here's an example how hashed passwords are utterly useless: You have an application that needs access to a database. Access is password controlled. I give you the hashed password, and tell you to write a script to retrieve a piece of data from the database. Now, what's your plan? How do you intend to use this hashed password?

        Hashed passwords are great if your purpose is to check whether a given password is valid. However, the point of hashing passwords is to make retrieving them impractical. Which means that if you need the plain text password, hashed passwords are not the answer.

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://961293]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others avoiding work at the Monastery: (7)
As of 2014-12-27 22:12 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    Is guessing a good strategy for surviving in the IT business?





    Results (177 votes), past polls