
I configured msmtp with my gmail account. I obviously want to avoid writing my password in plaintext format in the config file. Luckily enough msmtp offers the option passwordeval which can be used to obtain the password from the output of an executable.

The question is: how should I use it?

I found here the following suggestion: passwordeval gpg -d /some/path/to/.msmtp.password.gpg

That doesn't make much sense to me: if someone is able to access my config file he will certainly manage to run such a command and obtain the password from gpg.

So I believe I'm left with the only option of obfuscating the password within the binary executable even if I read almost everywhere that this is bad!

My impossible-to-hack implementation is: if the sendmail process is running output the correct pass, otherwise give a fake pass.

Your suggestions? Other (more secure) tricks different from storing the pass in the binary file?


2 Answers


From Sukima's comment:

The reason gpg -d works is because it requires the private key of the person the file is encrypted to. So even if you place that encrypted file in public, it is still encrypted and only one person (the one with the secret key) can decrypt it. It is assumed that the secret key is locked up on the user's machine and not leaked. It also assumes that they have not set up any agents which cache the unlock password while a hacker has direct access to the same machine. All of which is highly unlikely in 99% of all attacks.

answered 2017-01-06T23:25:14.347

There is no standard solution on how to save credentials with the constraint of

  • having to use the credentials in plain text later
  • and in an unattended way
  • on a system which is not completely controlled by you (if it is you just set appropriate rights on the files holding the secrets)

You have several solutions, none of which solves your problem perfectly:

  • encrypt your credentials in a symmetric way: you need to input the key to decrypt them
  • encrypt in an asymmetric way: you need to provide your private key, which must be stored somewhere (unattended approach) or keyed in
  • obfuscate: as you mention, this only protects from some population
  • get it from somewhere else - you need to identify a way or another your system

You need to take into account which risk is acceptable and go from there.

answered 2015-04-12T18:47:27.223
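Both answers come down to the same point: `passwordeval gpg -d …` is only as safe as the permissions around the secret key and the files involved. The pre-flight check below is an added example, not code from either answer or from msmtp itself; it assumes a config file that uses `passwordeval` and an encrypted password file, and verifies that neither is readable by group or others and that no plaintext `password` line remains in the config.

```sh
#!/bin/sh
# Added example: sanity checks for an msmtp setup that delegates the password
# to "passwordeval gpg -d <file>". File names are parameters; nothing here is
# specific to a real account.

# private_file FILE: return 0 if FILE exists and has no group/other permission
# bits (i.e. mode 600 or stricter), 1 otherwise.
private_file() {
    f=$1
    [ -f "$f" ] || return 1
    # Columns 5-10 of "ls -l" output are the group and other permission bits.
    perms=$(ls -ld "$f" | cut -c5-10)
    [ "$perms" = "------" ]
}

# uses_passwordeval CONFIG: return 0 if CONFIG has a passwordeval line and no
# plaintext "password ..." line. "passwordeval" is not matched by the second
# pattern because it is followed by "e", not whitespace.
uses_passwordeval() {
    cfg=$1
    grep -q '^[[:space:]]*passwordeval[[:space:]]' "$cfg" || return 1
    ! grep -q '^[[:space:]]*password[[:space:]]' "$cfg"
}

# check_msmtp_setup CONFIG SECRET: run all checks, report the first failure on
# stderr, return 0 only if everything passes.
check_msmtp_setup() {
    cfg=$1
    secret=$2
    private_file "$cfg" || { echo "config $cfg is readable by others" >&2; return 1; }
    private_file "$secret" || { echo "secret $secret is readable by others" >&2; return 1; }
    uses_passwordeval "$cfg" || { echo "config $cfg still carries a plaintext password" >&2; return 1; }
    return 0
}
```

A passing check does not make the setup safe against a root-level intruder, as the first answer notes; it only catches the common mistakes of leaving the files readable to other local users or forgetting a leftover plaintext password line.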