[sf-perl] OT: Secure password storage

David Alban extasia at extasia.org
Thu Jan 15 08:27:36 PST 2009


hi daniel,

i don't store or access my passwords using a portable device, which it
sounds like you might want to do, but this works for me:  i store my
passwords in pgp-encrypted files.  i wrote a small utility to edit
them after their initial creation (it decrypts to a 0600 perms tmp
file; invokes an editor; compares before and after md5sums to detect
any changes; prompts the user to save the change if one is detected;
re-encrypts data if user opts to save changes; and deletes the tmp
file) which makes it super easy to update pgp-encrypted files.  i
store both personal passwords at home and work passwords at the office
this way.

also, i've taken to placing "garbage" in all of my pgp-encrypted
files.  i use the following to generate it:

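    #!/usr/bin/perl

    use warnings;
    use strict;

    $ENV{ PATH } = '/sbin:/bin:/usr/sbin:/usr/bin';

    # number of random bytes to emit (default 1024)
    my $size = shift || 1024;

    my $s = '';

    open my $fh, '<:raw', '/dev/random'
      or die "$0: can't open /dev/random: $!\n";
    # /dev/random may return fewer bytes than requested, so read until full
    while ( length( $s ) < $size ) {
      my $n = sysread( $fh, $s, $size - length( $s ), length( $s ) );
      die "$0: sysread from /dev/random failed: $!\n" unless defined $n;
      die "$0: unexpected EOF on /dev/random\n" if $n == 0;
    } # while
    close $fh;

    # base64-encode the bytes so they can be pasted into a text file
    my $cmd = "openssl base64";

    open my $CMD, '|-', $cmd or die "$0: can't open command '$cmd': $!\n";
    binmode $CMD;
    print $CMD $s;
    close $CMD or die "$0: command '$cmd' failed\n";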

i try to put more "garbage" than "good data" in the files before
encrypting them as an added measure to make unauthorized access more
difficult.

hope this helps,
david


On Thu, Jan 15, 2009 at 7:26 AM, Daniel Lo <woof at danlo.com> wrote:
> Now I have to find a new method of password storage.  The problem I am facing is
> that I can't find any devices suitable for password storage.

-- 
Live in a world of your own, but always welcome visitors.
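
The edit workflow described in the message above (decrypt to a 0600 temp file, run an editor, compare checksums, prompt, re-encrypt, delete the temp file), as an added example; it is not David's utility and not part of the original post. It assumes GnuPG's `gpg` is on the PATH and uses a hypothetical `GPG_RECIPIENT` environment variable to name the key to encrypt to.

```perl
#!/usr/bin/perl
# Added example, not the utility from the post: edit a gpg-encrypted file.
# Assumptions: gpg on PATH; GPG_RECIPIENT (hypothetical) names the key.
use strict;
use warnings;
use Digest::MD5;
use File::Temp ();

my $enc       = shift              or die "usage: $0 file.gpg\n";
my $recipient = $ENV{GPG_RECIPIENT} or die "$0: set GPG_RECIPIENT\n";
my $editor    = $ENV{EDITOR} || 'vi';

umask 077;    # anything gpg or the editor re-creates stays owner-only

# File::Temp creates the file with mode 0600; UNLINK deletes it when the
# object goes away, including on die().
my $tmp  = File::Temp->new( UNLINK => 1 );
my $path = $tmp->filename;

# md5 is used only to detect whether the editor changed the file
sub md5_of {
    my ($file) = @_;
    open my $fh, '<:raw', $file or die "$0: can't open $file: $!\n";
    my $sum = Digest::MD5->new->addfile($fh)->hexdigest;
    close $fh;
    return $sum;
}

# list-form system() keeps file names away from the shell
system( 'gpg', '--yes', '--output', $path, '--decrypt', $enc ) == 0
    or die "$0: decrypt of $enc failed\n";

my $before = md5_of($path);
system( split( ' ', $editor ), $path ) == 0 or die "$0: editor failed\n";

if ( md5_of($path) eq $before ) {
    print "no changes; $enc left untouched\n";
    exit 0;
}

print "save changes to $enc? [y/N] ";
my $answer = <STDIN> // '';
if ( $answer =~ /^y/i ) {
    # encrypt to a new file, then rename, so a failed encrypt keeps the old data
    system( 'gpg', '--yes', '--output', "$enc.new", '--recipient', $recipient,
            '--encrypt', $path ) == 0 or die "$0: encrypt failed\n";
    rename "$enc.new", $enc or die "$0: can't replace $enc: $!\n";
}
```

The temp file is unlinked, not wiped, and some editors leave swap or backup copies of the plaintext elsewhere, so point `TMPDIR` at encrypted or memory-backed storage.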

