Thread Frage zu Security / Passwort-Handling (19 answers)
Opened by YAPD at 2019-07-11 21:33

YAPD
 2019-07-11 21:41
#190238 #190238
User since
2015-09-20
146 articles
BenutzerIn

user image
Ein Beispiel für die Verschlüsselung. Meinungen ?

Code: (dl )
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
package Kernel::Extensions::IMCR;

# ---------------------------------------------------------------------------------

use Crypt::Rijndael;
use IO::Prompter;
use Crypt::CBC;

#keys
my $key = "a" x 32;
my $cipher = Crypt::CBC->new( -cipher => 'Rijndael', -key => $key );
my @plaintext;
my @ciphertext;
#keys

#filefield
#password file name
#my $file_name = ".crypt";
my $file_name = ".crypt";
#File Handler
my $file;


#If we cannot open the password file we initiate a new one
unless ( open ( $file, '<:encoding(UTF-8)', $file_name) ) { #<:encoding(UTF-8)
#Create a new file in write mode
open ( $file, '>', $file_name);
$plaintext[0]= prompt "Username:";
$plaintext[1]= prompt "Password:", -echo => '';
print "#################################################################################\n";
print "# User credentials will be encrypted and stored in .crypt file and same is #\n";
print "# reused next time. If you need to add new user credentials delete the .crypt #\n";
print "# file and re run the same script. #\n";
print "#################################################################################\n";
$plaintext[0]=~ s/^\s*(.*?)\s*$/$1/;
$plaintext[1]=~ s/^\s*(.*?)\s*$/$1/;


while($plaintext[0] =~ /^\s*$/){
$plaintext[0]= prompt "Username is mandatory:";
$plaintext[0]=~ s/^\s*(.*?)\s*$/$1/;
}
while($plaintext[1] =~ /^\s*$/){
$plaintext[1]= prompt "Password is mandatory:";
$plaintext[1]=~ s/^\s*(.*?)\s*$/$1/;
}


$ciphertext[0] = $cipher->encrypt($plaintext[0]);
$ciphertext[1] = $cipher->encrypt($plaintext[1]);

#we save the password in a file
print $file $ciphertext[0];

#print $file "\n";
#we save the password in a file
print $file $ciphertext[1];
#we close the file ( Writing mode )
close $file;

#Reopen the file in reading mode
open ( $file, '<', $file_name)
}


my @holder;
my $content;
if (open( $file, '<', $file_name)) {
#chomp(@holder = <$file>);
local $/;
$content = <$file>;

} else {
warn "Could not open file '$filename' $!";
}
@holder = split(/(?=Salted__)/, $content);
print "Encrypted username:",$holder[0];
print "\n";
print "Encrypted password:",$holder[1],"\n";

#Loading the password en decrypt it
$plaintext[0] = $cipher->decrypt( $holder[0] );
print $plaintext[0];
$plaintext[1] = $cipher->decrypt( $holder[1] );
print $plaintext[1];
print "\n\n";

print 'Username is:',"$plaintext[0]\n";
print 'Password is:',"$plaintext[1]\n";
#Close the file
close $file


Ich weiss nicht. Ich meine das PW steht nicht im Klartext im Code,
ein Print im Code allerdings und man hat es.

Viele Grüße
YAPD
Last edited: 2019-07-11 21:43:45 +0200 (CEST)
Yet Another Perl Developer

View full thread Frage zu Security / Passwort-Handling