Beefy Boxes and Bandwidth Generously Provided by pair Networks
good chemistry is complicated,
and a little bit messy -LW
 
PerlMonks  

Re^2: Password Encryption and Decryption

by slayedbylucifer (Scribe)
on Mar 23, 2012 at 19:22 UTC ( #961298=note: print w/ replies, xml ) Need Help??


in reply to Re: Password Encryption and Decryption
in thread Password Encryption and Decryption

I am not sure whether I really want what you have asked. But I have to pass the REAL password to my application because it will never recognize a crypted password. BTW, I am logging to my application with my Active Directory Account and hence I am providing the my AD password in clear text format in my script. So I wanted not to write it in clear text and rather have it in the encrypted form and then decrypt it on the fly every time the script runs. THis is the reason I need a decryption mechanism.

Please do let me know if am thinking in wrong direction.


Comment on Re^2: Password Encryption and Decryption
Re^3: Password Encryption and Decryption
by JavaFan (Canon) on Mar 23, 2012 at 19:36 UTC
    What makes this more secure than storing passwords in plain text? If a program can automatically decrypt the passwords, an attacker can as well - he'd just run the program. Of course, you could protect the "encrypted" password with a password, but than you're back to the beginning, aren't you?

      Ok, so then is there a way I can have my script without a clear text password and still make it work?....

      My application will accept only AD password in their REAL form. Because sending an encrypted password to the application will get me access denied as that would be a wrong password.

      The application provides Perl API for automating task. So, I wanted to know is there a way to get this done in perl.

      Thanks.

        If your application wants a clear password, then you have to give it a clear password. There is no way around this.

        You can have your password in your program in an encrypted form and only have it decrypted against another password it asks for when you run it. That would be a more secure way, but not really practical.

        Another solution would be to save your password in a file on a memorystick and have your program read it from the stick and remove the stick once your are logged in. Then nobody can log in as you unless they also have access to the file on the memory stick. Your security problem then becomes a matter of physical security of your memorystick.

        CountZero

        A program should be light and agile, its subroutines connected like a string of pearls. The spirit and intent of the program should be retained throughout. There should be neither too little or too much, neither needless loops nor useless variables, neither lack of structure nor overwhelming rigidity." - The Tao of Programming, 4.1 - Geoffrey James

        My blog: Imperial Deltronics
        Well, you could always ask for the password, and type it in when the program asks for it.
Re^3: Password Encryption and Decryption
by ferz (Initiate) on Mar 24, 2012 at 20:17 UTC

    If you need to authenticate your users against a LDAP (like Active Directory), you have not to store user's passwords at all. You need not to store them.

    You need to use LDAP authentication for your appliation, when the user insert the login/password pair, you forward these info to Active Directory and if it confirms you know that the user is authenticated in that system.

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://961298]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others surveying the Monastery: (7)
As of 2014-11-23 04:47 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    My preferred Perl binaries come from:














    Results (128 votes), past polls