8

我正在编写一个需要连接到SMTP 服务器才能发送邮件的Perl 脚本,但我真的不喜欢这种事情:

my $pass = '123456';

我发现Data::Encrypted应该允许用户第一次提示它,然后加密存储。

use Data::Encrypted file => ".passwd", qw(encrypted);
my $password = encrypted('password');

但我不能让它工作,它会产生运行时错误:

/Library/Perl/5.12/Data/Encrypted.pm 第 78 行的错误密钥文件格式

有没有人有同样的问题,或者知道另一种隐藏/保护密码的方法?

4

4 回答 4

11

Data::Encrypted模块最后一次发布是在 2001年。我认为不使用它是一个好兆头。

通常,我会说存储密码是一个坏主意,即使是加密的。但是,如果您必须存储密码以用于联系另一个系统,那么加密是可行的方法。我会这样做的方式是这样的:

# Rijndael is also known as AES, which is the encryption standard used by the NSA
use Crypt::Rijndael;
use IO::Prompter;

# This secret is exactly 32 bytes long, you could prompt for this as a
# passphrase or something and pad it with spaces or whatever you need
my $app_secret = 'this_is_the_key_the_app_uses....';

# Setup the encryption system
my $crypto = Crypt::Rijndael->new( $app_secret, Crypt::Rijndael::MODE_CBC() );

# Ask the user to enter the password the first time
my $password = prompt "password: ", -echo => ''; # from IO::Prompter

# Encrypt the password. You can save this off into a file however you need to
my $enc_password = $crypto->encrypt($password);

# Later load it from the file and decrypt it:
my $password = $crypto->decrypt($password);

有关更多信息,请参阅Crypt::RijndaelIO::Prompter

于 2012-08-03T11:44:11.380 回答
3

当您处理一个脚本,该脚本在没有任何用户交互的情况下向服务发送纯文本密码时,您已经注定要失败。您将提供的任何解决方案都只是默默无闻的安全性。您可以像zostay一样提供解决方案。但这相当于购买最先进的保险库,但将钥匙放在垫子下面并在纸上贴上文字:“检查垫子是否有钥匙!” 到前门。看,我将复制脚本,grep 密码。然后我会找到喜欢的线条my $password = $crypto->decrypt($password);并放置warn $password;就在下面一行并运行脚本。就是这样。我不在乎你使用什么算法,我不在乎你在哪里以及如何存储密码。你可以让我变得更难,但我破解的努力总是比你让它变得困难的努力少几个数量级。你的脚本是关键。看看这个电影业。他们花了数十亿美元来带一堆愚蠢的废话。他们最终得到了特殊的硬件,甚至电缆也有自己的密钥。好笑!它只会骚扰公平的用户。

如果您不想看起来很傻,请在脚本中放置普通密码。如果您想通过默默无闻来确保安全,那么不要用合理的名称命名变量,不要使用任何标准模块(看,方法decrypt就是线索!)并且不要浪费时间在复杂性上。我不会看你如何存储或加密密码,我会看你必须在哪里使用它并挂在那里。隐藏起来更容易也更难。

于 2012-08-05T08:12:42.437 回答
3

谢谢 !这是我的最终解决方案:

sub smtp_passwd(){
    #The secret pass phrase
    my $app_secret = 'd.<,3eJ8sh[(#@1jHD829J,Z!*dGsH34';

    #password file name
    my $passwd_file_name = ".passwd";

    # Setup the encryption system
    my $crypto = Crypt::Rijndael->new( $app_secret, Crypt::Rijndael::MODE_CBC() );

    #File Handler
    my $passwd_file;

    #If we cannot open the password file we initiate a new one
    unless ( open ( $passwd_file, '<', $passwd_file_name) ) {

        #Create a new file in write mode
        open ( $passwd_file, '>', $passwd_file_name);

        # Ask the user to enter the password the first time
        my $password = prompt "password: ", -echo => ''; # from IO::Prompter

        #Password must be multiple of 16 (we deliberately chose 16)
        my $pass_length = 16;

        #If password is to short we complete with blank
        $password = $password." "x ($pass_length - length ( $password ) ) if ( length ( $password ) < $pass_length );

        #If password is to long we cut it
        $password = substr ( $password, 0, $pass_length ) if ( length ( $password ) > $pass_length );

        #Encryption of the password
        my $enc_password = $crypto->encrypt($password);

        #we save the password in a file
        print $passwd_file $enc_password;

        #we close the file ( Writing mode )
        close $passwd_file;

        #Reopen the file in reading mode
        open ( $passwd_file, '<', $passwd_file_name)
    }

    #Loading the password en decrypt it
    my $password = $crypto->decrypt( <$passwd_file> );

    #Close the file
    close $passwd_file;

    #Return the password ( Here the password is not protected )
    return $password;
}
于 2012-08-07T08:02:25.933 回答
0

这是完整的代码,它利用了上面提到的部分代码,部分取自 Perlmonk。该脚本首先询问用户的用户名和密码,将其加密并存储在 .crypt 文件中。然后从中读取,解密并显示原始文本。第二次它将使用现有的用户凭据。

use Crypt::Rijndael;
use IO::Prompter;
use Crypt::CBC;
#keys
my $key = "a" x 32;
my $cipher = Crypt::CBC->new( -cipher => 'Rijndael', -key => $key );
my @plaintext;
my @ciphertext;
#keys

#filefield
#password file name
#my $file_name = ".crypt";
my $file_name = ".crypt";
#File Handler
my $file;


#If we cannot open the password file we initiate a new one
unless ( open ( $file, '<:encoding(UTF-8)', $file_name) ) { #<:encoding(UTF-8)
#Create a new file in write mode
    open ( $file, '>', $file_name);
    $plaintext[0]= prompt "Username:";
    $plaintext[1]= prompt "Password:", -echo => '';
    print "#################################################################################\n";
    print "# User credentials will be encrypted and stored in .crypt file and same is      #\n"; 
    print "# reused next time.  If you need to add new user credentials delete the .crypt  #\n";
    print "# file and re run the same script.                                              #\n";
    print "#################################################################################\n";
    $plaintext[0]=~ s/^\s*(.*?)\s*$/$1/;
    $plaintext[1]=~ s/^\s*(.*?)\s*$/$1/;


    while($plaintext[0] =~ /^\s*$/){
    $plaintext[0]= prompt "Username is mandatory:";
    $plaintext[0]=~ s/^\s*(.*?)\s*$/$1/;
    }
    while($plaintext[1] =~ /^\s*$/){
    $plaintext[1]= prompt "Password is mandatory:";
    $plaintext[1]=~ s/^\s*(.*?)\s*$/$1/;
    }


    $ciphertext[0] = $cipher->encrypt($plaintext[0]);
    $ciphertext[1] = $cipher->encrypt($plaintext[1]);

    #we save the password in a file
    print $file $ciphertext[0];

    #print $file "\n";
    #we save the password in a file
    print $file $ciphertext[1];
     #we close the file ( Writing mode )
    close $file;

    #Reopen the file in reading mode
    open ( $file, '<', $file_name)
 }


 my @holder;
 my $content;
if (open( $file, '<', $file_name)) {
  #chomp(@holder = <$file>);
 local $/;
    $content = <$file>;

} else {
  warn "Could not open file '$filename' $!";
}
@holder = split(/(?=Salted__)/, $content);
  print "Encrypted username:",$holder[0];
  print "\n";
  print "Encrypted password:",$holder[1],"\n";

 #Loading the password en decrypt it
$plaintext[0] = $cipher->decrypt( $holder[0] );
$plaintext[1] = $cipher->decrypt( $holder[1] );

print "\n\n";

print 'Username is:',"$plaintext[0]\n";
print 'Password is:',"$plaintext[1]\n";
#Close the file
close $file;

#filefield
于 2016-11-22T10:20:18.727 回答