[Melbourne-pm] Obfuscating passwords in configurations

Tim Connors tconnors at astro.swin.edu.au
Tue Apr 26 23:17:03 PDT 2011


On Thu, 2 Dec 2010, Scott Penrose wrote:

> On 02/12/2010, at 1:50 AM, Shlomi Fish wrote:
> > I didn't do it, because this doesn't actually add protection. Anyone who's
> > acquired permissions to read your rc file will be able to run fetchmail as you
> > anyway—and if it's your password they're after, they'd be able to rip the
> > necessary decoder out of the fetchmail code itself to get it.
>
> This is 100% correct, and yet completely wrong.
>
> Some real world examples are:
>
> * Fake or even Real Video cameras. They act as a deterrent
> * Deadlocks on your house, when you have windows
>
> The down side of encrypting (and really, it is just obfuscating in this case) your password is you may get a false sense of security, e.g. you might post it on the net in a forum as an example of a config.
>
> The upside of encrypting (obfuscating) is that it protects against accidental finding.
>
> Subversion, GIT and many other command line tools in unix obfuscate their passwords. These are mature projects who have thought about the issues. (mind you they have also covered the security too, by recommending things like SSH keys).
>
> If you were running a simple disk scan, or helping someone manage disk issue/disk space, you won't be accidentally giving away your passwords.

Or if you were to cat ~/.fetchmailrc to your screen - someone looking over
your shoulder would have a reasonable chance of remembering a password in
the 15 seconds it was on the screen, if the password isn't too complex,
whereas they would have a heck of a lot harder time remembering a base64
encoded version.  Just like GUI programs display "****", should not config
files at least go to some effort to make `cat` not display the password in
cleartext?  Just like in GUIs such as firefox, you can trivially check the
box that says "shows cleartext", you can run:

say "The decrypted password is: " . $self->config->password;

But protecting, by default, against someone looking over your shoulder as
they walk past is a worthy cause.


-- 
Tim Connors
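As an added illustration of the point above (not code from the thread, nor from fetchmail): a small Perl config loader that keeps an obfuscated password out of casual view. A value prefixed "b64:" is decoded and wrapped in a Secret object whose stringification is "****", so an accidental `cat`-style print or log line shows the mask, while `->reveal` gives the cleartext on explicit request. The rc text, the "b64:" prefix and the Secret wrapper are all assumptions made for this example; base64 is obfuscation only, as the thread says, and anyone who can read the file can decode it.

```perl
#!/usr/bin/env perl
# Added example (not from the original thread): a config loader that keeps
# an obfuscated password out of casual view. Base64 here is obfuscation
# only; anyone with read access to the file can decode it.
use strict;
use warnings;
use feature 'say';
use MIME::Base64 qw(encode_base64 decode_base64);

# Constructed sample rc text (not a real account). The "b64:" prefix is an
# assumption for this example, not a convention of any real tool.
my $SAMPLE_RC = <<'RC';
# ~/.examplerc  (constructed sample)
user = alice
password = b64:aHVudGVyMg==
server = imap.example.net
RC

package Secret {
    # Wraps a password so that stringifying the object yields "****"
    # unless the caller explicitly asks for the cleartext via reveal().
    use overload '""' => sub { '****' }, fallback => 1;

    sub new    { my ($class, $plain) = @_; return bless { plain => $plain }, $class }
    sub reveal { return $_[0]{plain} }
}

package main;

# Parse "key = value" lines; a value starting with "b64:" is base64-decoded
# and wrapped in a Secret, so an accidental print shows only "****".
sub parse_rc {
    my ($text) = @_;
    my %cfg;
    for my $line (split /\n/, $text) {
        next if $line =~ /^\s*(#|$)/;                       # skip comments/blanks
        my ($k, $v) = $line =~ /^\s*(\w+)\s*=\s*(.*?)\s*$/ or next;
        if ($v =~ s/^b64://) {
            $cfg{$k} = Secret->new(decode_base64($v));
        } else {
            $cfg{$k} = $v;
        }
    }
    return \%cfg;
}

# Helper for writing a config: obfuscate a cleartext value for storage.
sub obfuscate { return 'b64:' . encode_base64($_[0], '') }

my $cfg = parse_rc($SAMPLE_RC);
say "user: $cfg->{user}";
say "password (default display): $cfg->{password}";            # ****
say "password (explicit reveal): " . $cfg->{password}->reveal;  # hunter2
say "stored form: " . obfuscate('hunter2');                     # b64:aHVudGVyMg==
```

The design choice is the same one the GUI "****" box makes: the safe form is the default and the cleartext needs a deliberate call, so a stray `say` or debug dump of the config hash does not put the password on screen.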

