Re: storing password in variable
From: foo (foo_at_bar.baz)
Date: 06/07/04
- In reply to: Atom 'Smasher': "storing password in variable"
Date: Mon, 07 Jun 2004 00:04:13 -0700
Atom 'Smasher' wrote:
> using a script to encrypt (using openssl) some files to removable media,
> i'm prompted for a password (twice) each time openssl is invoked.
>
> i'm wondering if it's "safe" for the script to ask me for a password,
> store the password in a variable, and use it each time openssl is invoked
> throughout the script. (i can have the script not echo the password as i'm
> typing it, and ask for it to be typed twice)
>
If someone has read access to '/dev/mem', they can see your password in
plain-text; so this approach isn't advisable.

> in the environment where this is being used, my concern (and curiosity) is
> if the variable (containing the password) might be saved to disk cache
> while the shell script is running.

This can happen if your OS implements virtual memory (e.g., the page that
holds your password is paged-out to disk) or full-fledged process swapping.
I know Linux implements both.

Once again, if someone has read access to the swap partition or page-file,
they can see your password in plain-text.
>
> so i'm wondering how "safe" it is to do that, what else should i be
> concerned with, and how much of this is shell and OS dependant.
>
This is mostly OS dependent, unless of course you store your password in a
global environment variable using 'export' or 'declare -x' in BASH.

> thanks...
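
The distinction the reply draws between a plain shell variable and one marked with 'export' can be checked directly. The script below is an added example, not part of the original thread; the PASSPHRASE variable, the function names and the cipher options are assumptions. It tests whether a variable reaches child processes and hands the passphrase to openssl over a pipe with '-pass stdin'. The value still sits in the shell's memory, so the '/dev/mem' and swap exposure described in the reply is unchanged.

```shell
#!/bin/sh
# Added example, not from the original post. Function names and the
# PASSPHRASE variable are assumptions made for illustration.

# Succeed if the named variable shows up in a child process's environment.
# Only variables marked with 'export' (or 'declare -x' in bash) do.
leaks_to_child() {
    env | grep -q "^$1="
}

# Encrypt $1 to $2. The passphrase travels over a pipe from printf (a builtin
# in bash and dash) to openssl's stdin, so it is not placed in openssl's
# environment or argument list.
encrypt_file() {
    printf '%s\n' "$PASSPHRASE" |
        openssl enc -aes-256-cbc -pbkdf2 -salt -in "$1" -out "$2" -pass stdin
}

# Decrypt $1 to $2, supplying the passphrase the same way.
decrypt_file() {
    printf '%s\n' "$PASSPHRASE" |
        openssl enc -d -aes-256-cbc -pbkdf2 -in "$1" -out "$2" -pass stdin
}

# Encrypt and decrypt a constructed sample file; succeed if it round-trips.
roundtrip_ok() {
    dir=$(mktemp -d) || return 1
    printf 'constructed sample data\n' > "$dir/plain"
    encrypt_file "$dir/plain" "$dir/enc" &&
        decrypt_file "$dir/enc" "$dir/out" &&
        cmp -s "$dir/plain" "$dir/out"
    rc=$?
    rm -rf "$dir"
    return $rc
}

unset PASSPHRASE                            # drop any inherited, exported copy
PASSPHRASE='constructed-sample-passphrase'  # a real script would prompt with echo off

if leaks_to_child PASSPHRASE; then
    echo "PASSPHRASE is exported: every child process inherits it"
else
    echo "PASSPHRASE is a plain shell variable: children do not inherit it"
fi
```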