[Melbourne-pm] Obfuscating passwords in configurations

David Dick ddick at iinet.net.au
Wed Dec 1 03:58:57 PST 2010


On 01/12/10 21:29, Leigh Sharpe wrote:
> Hi All,
> I'm using Config::Simple to retrieve configuration options from an
> external file. One of the configuration options is a password, but I'm
> really not keen on having a password in plain-text in a config file.
> Just setting the config file to be non-world-readable isn't really
> adequate. Can anybody suggest a way of obfuscating the password in the
> config file, and being able to retrieve it in my program?

I think it has to come down to the question of what you are trying to 
defend against.  If you are trying to protect the password against a 
determined attacker with a local account on the machine, I cannot think 
of a way.  Obfuscation ain't much of a hope against a determined attack. 
If you are trying to help a sys-admin not know the passwords just because 
they _have_ to look at the config file, would padding and base64 
encoding be acceptable?  From the above, it sounds like you are trying 
to protect against a user that already has an account on the machine in 
question, which would have to raise the possibility of the attacker 
obtaining root access via a privilege escalation attack and owning the 
box anyway.

The only other way that I could think of is encrypting the password with 
a variable (like the account password) that only the allowed user knows. 
That way, the complete secret is not stored on the filesystem. 
However, even then, with a hostile local (probably soon to be root) 
user, I don't think you could be confident that your secret will stay 
secret for long.

