我正在编写 Perl脚本,需要连接到 SMTP服务器才能发送邮件,但我真的不喜欢这种事情:
my $pass = '123456';
我找到 Data :: Encrypted ,这应该允许用户第一次提示它,然后加密存储。
use Data::Encrypted file => ".passwd", qw(encrypted);
my $password = encrypted('password');
但是我无法使它工作,它会导致运行时错误:
/Library/Perl/5.12/Data/Encrypted.pm第78行的密钥文件格式错误
是否有人有同样的问题,或者知道隐藏/保护密码的其他方法?
答案 0 :(得分:10)
Data::Encrypted模块最后一次发布于2001年。我想说这是一个不使用它的好兆头。
通常情况下,我认为存储密码甚至是加密的坏主意。但是,如果您必须存储密码以便与其他系统联系使用,则可以对其进行加密。我这样做的方式是这样的:
# Rijndael is also known as AES, which is the encryption standard used by the NSA
use Crypt::Rijndael;
use IO::Prompter;
# This secret is exactly 32 bytes long, you could prompt for this as a
# passphrase or something and pad it with spaces or whatever you need
my $app_secret = 'this_is_the_key_the_app_uses....';
# Setup the encryption system
my $crypto = Crypt::Rijndael->new( $app_secret, Crypt::Rijndael::MODE_CBC() );
# Ask the user to enter the password the first time
my $password = prompt "password: ", -echo => ''; # from IO::Prompter
# Encrypt the password. You can save this off into a file however you need to
my $enc_password = $crypto->encrypt($password);
# Later load it from the file and decrypt it:
my $password = $crypto->decrypt($password);
有关详细信息,请参阅Crypt::Rijndael和IO::Prompter。
答案 1 :(得分:3)
当您处理一个脚本,该脚本在没有任何用户交互的情况下向服务发送纯文本密码时,您已经注定失败了。您将带来的任何解决方案都只是默默无闻的安全性。你可以像zostay那样提供解决方案。但这相当于购买了最先进的保险库,但却把钥匙放在垫子底下并贴上了文字:“检查垫子上的钥匙!”到前门。看,我将只复制脚本,grep为密码。然后我会找到my $password = $crypto->decrypt($password);之类的行,并将warn $password;放在下面一行并运行脚本。而已。我不关心你使用什么算法,我不关心你在哪里以及如何存储密码。你可以让我更难,但我的努力破解总是比努力努力的几个数量级。你的脚本是关键。看看这个电影业。他们花了数十亿美元与一堆愚蠢的垃圾一起来。他们最终得到了特殊的硬件,甚至电缆都有自己的密钥。爆笑!它只是骚扰公平用户。
如果您不想看起来很傻,请在脚本中放置普通密码。如果你想通过默默无闻的安全性,那么不要使用合理的名称来命名变量,不要使用任何标准模块(外观,方法decrypt是线索!)并且不要浪费你的时间进行复杂化。我不会看你如何存储或加密密码,我会看看你将在哪里使用它并挂钩。隐藏得更容易也更难。
答案 2 :(得分:3)
谢谢!这是我的最终解决方案:
sub smtp_passwd(){
#The secret pass phrase
my $app_secret = 'd.<,3eJ8sh[(#@1jHD829J,Z!*dGsH34';
#password file name
my $passwd_file_name = ".passwd";
# Setup the encryption system
my $crypto = Crypt::Rijndael->new( $app_secret, Crypt::Rijndael::MODE_CBC() );
#File Handler
my $passwd_file;
#If we cannot open the password file we initiate a new one
unless ( open ( $passwd_file, '<', $passwd_file_name) ) {
#Create a new file in write mode
open ( $passwd_file, '>', $passwd_file_name);
# Ask the user to enter the password the first time
my $password = prompt "password: ", -echo => ''; # from IO::Prompter
#Password must be multiple of 16 (we deliberately chose 16)
my $pass_length = 16;
#If password is to short we complete with blank
$password = $password." "x ($pass_length - length ( $password ) ) if ( length ( $password ) < $pass_length );
#If password is to long we cut it
$password = substr ( $password, 0, $pass_length ) if ( length ( $password ) > $pass_length );
#Encryption of the password
my $enc_password = $crypto->encrypt($password);
#we save the password in a file
print $passwd_file $enc_password;
#we close the file ( Writing mode )
close $passwd_file;
#Reopen the file in reading mode
open ( $passwd_file, '<', $passwd_file_name)
}
#Loading the password en decrypt it
my $password = $crypto->decrypt( <$passwd_file> );
#Close the file
close $passwd_file;
#Return the password ( Here the password is not protected )
return $password;
}
答案 3 :(得分:0)
这里是完整的代码,它使用了上面提到的部分代码和部分代码来自Perlmonk。该脚本首先询问用户的用户名和密码,加密并将其存储在.crypt文件中。然后从中读取,解密并显示原始文本。第二次它将使用现有的用户凭证。
use Crypt::Rijndael;
use IO::Prompter;
use Crypt::CBC;
#keys
my $key = "a" x 32;
my $cipher = Crypt::CBC->new( -cipher => 'Rijndael', -key => $key );
my @plaintext;
my @ciphertext;
#keys
#filefield
#password file name
#my $file_name = ".crypt";
my $file_name = ".crypt";
#File Handler
my $file;
#If we cannot open the password file we initiate a new one
unless ( open ( $file, '<:encoding(UTF-8)', $file_name) ) { #<:encoding(UTF-8)
#Create a new file in write mode
open ( $file, '>', $file_name);
$plaintext[0]= prompt "Username:";
$plaintext[1]= prompt "Password:", -echo => '';
print "#################################################################################\n";
print "# User credentials will be encrypted and stored in .crypt file and same is #\n";
print "# reused next time. If you need to add new user credentials delete the .crypt #\n";
print "# file and re run the same script. #\n";
print "#################################################################################\n";
$plaintext[0]=~ s/^\s*(.*?)\s*$/$1/;
$plaintext[1]=~ s/^\s*(.*?)\s*$/$1/;
while($plaintext[0] =~ /^\s*$/){
$plaintext[0]= prompt "Username is mandatory:";
$plaintext[0]=~ s/^\s*(.*?)\s*$/$1/;
}
while($plaintext[1] =~ /^\s*$/){
$plaintext[1]= prompt "Password is mandatory:";
$plaintext[1]=~ s/^\s*(.*?)\s*$/$1/;
}
$ciphertext[0] = $cipher->encrypt($plaintext[0]);
$ciphertext[1] = $cipher->encrypt($plaintext[1]);
#we save the password in a file
print $file $ciphertext[0];
#print $file "\n";
#we save the password in a file
print $file $ciphertext[1];
#we close the file ( Writing mode )
close $file;
#Reopen the file in reading mode
open ( $file, '<', $file_name)
}
my @holder;
my $content;
if (open( $file, '<', $file_name)) {
#chomp(@holder = <$file>);
local $/;
$content = <$file>;
} else {
warn "Could not open file '$filename' $!";
}
@holder = split(/(?=Salted__)/, $content);
print "Encrypted username:",$holder[0];
print "\n";
print "Encrypted password:",$holder[1],"\n";
#Loading the password en decrypt it
$plaintext[0] = $cipher->decrypt( $holder[0] );
$plaintext[1] = $cipher->decrypt( $holder[1] );
print "\n\n";
print 'Username is:',"$plaintext[0]\n";
print 'Password is:',"$plaintext[1]\n";
#Close the file
close $file;
#filefield