Issues Masking (Encrypting) a string

Hi,

echo "mypassword" | crypt "tom"

But this is giving me some unreadable, strange-looking characters / symbols never seen before, which I can't even copy and save in a file.

SunOS mymac 5.10 Generic_150400-26 sun4v sparc sun4v

Can you help me with encrypting the password "mypassword" into a readable string?

Isn't that exactly what you want to do - encrypt some clear text into something unreadable to the world that can be retrieved only if the password is known? Don't copy and paste the result; save it in a file immediately. That file can be decrypted by applying crypt "tom" again.

Warning (from man crypt ):

Can you please confirm if crypt can do what I want it to do ?

openssl can be used with RSA algo and it gives encrypted text in readable format which can also be copied.

It's a very naïve and personal requirement. Not caring too much about it being foolproof.

So, what do you want it to do overall? (not just the one line)

I would expect that echo "mypassword" | crypt "tom" > encrypted_file will write your encrypted password into a file just fine, from where you can read it back, but what is the purpose?

The display you see will depend on a combination of a number of factors, such as locale, character sets for the terminal type defined, character set of the display you are using etc. You cannot reliably use the screen to just copy & paste the display for use elsewhere. You would need to copy the file or get it into a variable to use somehow.

If your script to retrieve it has the decryption password tom , the source file name and the method to extract it, then anyone who can read the code can get the password.

It's a common conundrum - how do you encrypt something and automate the decryption without just sharing the decryption.

If you can share a little more about the overall plan of your code, then we might be able to suggest something suitable.

Kind regards,
Robin

I just need the password to look visibly different than the actual password.

The encrypted password should be a string readable to humans.

So, I just need it to mask the password.

echo "mypassword" | base64
bXlwYXNzd29yZAo=
2 Likes

However you do it, it will be easy to reverse the process, so what is actually the purpose of encrypting it?

Robin

How to get the original password from "bXlwYXNzd29yZAo=" ?

By carefully reading the man page of "base64", until, upon chance, stumbling upon the description of the secret "-d" (decode) command line option and subsequently applying this arcane knowledge to your command line.

I hope this helps.

bakunin

3 Likes

What would be the point of storing an encrypted password? Is this so that it can be checked against user input?

A possible better way might be:-

  • Read a password from the user in to a file
  • Use sum or md5sum on the file and compare it to a stored value.

Obviously you would have to store the output from a previous sum or md5sum in your script, but that is less likely to be cracked.

Would that help, or is everyone going to shoot me down for doing something really daft? I hope it's helpful but I would like to be corrected if necessary.

Kind regards,
Robin

First off: this is perhaps the most ingenious way of being most secure in employing insecure methods in general. Sorry for this rather double-edged compliment, but you have to be aware that there are secure methods and there are other (not secure) methods. If you decide against secure methods you will always be able to move farther up the security scale, but only to some extent - principally insecure will always remain principally insecure, regardless of what you do.

Your method suffers from the fact that scripts are readable. I can extract the necessary md5sum from it, create a fitting PW offline (using all sorts of methods: dictionary attacks, ...) and then feed that PW into the script.

Still, your method is better than many others I have seen suggested in similar threads here and elsewhere.

I hope this helps.

bakunin

Note that a user's encrypted login password is created using crypt() exactly as you suggested and the system used to store the encrypted string in plain text in /etc/passwd (which is readable by everyone so tools like ls can decode the user-IDs and group-IDs returned by stat() into user and group names in long listings). Many, many moons ago, the actual encrypted passwords were moved into /etc/shadow which is readable only by root to avoid the problem bakunin mentioned in post #11.

I quite agree that this is not a great solution, but hopefully it's better than some. I would always prefer to use the tool designed for the job, (e.g. SSH keys) but as we still don't know the real purpose I'm not sure what the best tool is.

Are we discussing it here too:- http://www.unix.com/shell-programming-and-scripting/268788-there-generic-encrytion-masking-tool-available.html#post302983344

It seems rather similar to me.

Robin

A little late into this thread but wouldn't the '=' be a bit of a give away?
Just a thought...

I know it is a padding character...

EDIT:
Also there would be a newline added using echo...
echo -n "mypassword" | base64
gives...
bXlwYXNzd29yZA==

openssl is the way to go. Works on all flavors of systems I have.

Example of using openssl:

Get encrypted version of your password:

$ export KEY=testing
$ PASS="mypassword"
$ openssl enc -a -e -aes-128-ctr -nopad -nosalt -pass env:KEY <<< "$PASS"
5o24HujBi30BYD8=

Now use value above in your script to prompt and test for the correct PASS:

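export KEY=testing
# Prompt without echoing the input (read -s and <<< require bash)
read -r -s -p "Enter Password: " PASS
# Quote the substitution so empty openssl output cannot break the test
if ! [ "5o24HujBi30BYD8=" = "$(openssl enc -a -e -aes-128-ctr -nopad -nosalt -pass env:KEY <<< "$PASS")" ]
then
   echo "Incorrect password"
   exit 1
fi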

As mentioned before the encrypted PASS is visible in the script and so is open to "brute force" attacks. Avoid dictionary words or easily guessed strings.

1 Like
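
The compare-against-a-stored-value idea from earlier in the thread, done with a salted and iterated hash instead of md5sum or a reversible cipher, so the stored string cannot be decoded and each offline guess costs thousands of hash rounds. This is an added example, not code from any poster; the helper names make_hash and check_password are hypothetical, and it assumes OpenSSL 1.1.1 or later for `openssl passwd -6`.

```shell
#!/bin/sh
# Added example: verify a password against a salted SHA-512 crypt hash.
# make_hash and check_password are hypothetical helper names.

# Print a "$6$<salt>$<hash>" string for the password given in $1.
# openssl chooses a random salt; the password is fed through stdin so
# it never shows up as an argument in the process list.
make_hash() {
    printf '%s\n' "$1" | openssl passwd -6 -stdin
}

# Return 0 if candidate password $2 matches stored hash $1, else 1.
check_password() {
    _stored=$1
    # Splitting "$6$salt$hash" on "$" puts the salt in field 3.
    _salt=$(printf '%s' "$_stored" | cut -d'$' -f3)
    [ -n "$_salt" ] || return 1
    # Re-hash the candidate with the same salt and compare the strings.
    _cand=$(printf '%s\n' "$2" | openssl passwd -6 -salt "$_salt" -stdin) || return 1
    [ "$_cand" = "$_stored" ]
}

# Demo with a constructed sample password. A real script would keep
# only the hash string, in a file readable by the script's user alone.
stored=$(make_hash 'mypassword')
check_password "$stored" 'mypassword' && echo "correct password accepted"
check_password "$stored" 'guess123'   || echo "wrong password rejected"
```

A weak password is still guessable from the hash, so the file holding it should be protected the same way /etc/shadow is.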