Hey, I need to safely get a password in my bash script for encrypting some files. Currently my script just listens on a named pipe for something to come through and uses that for encrypting (I wasn't sure if it was safe to type a password in a shell script).
I would prefer something non-interactive if at all possible. This is going to be a cron job, so if it has to be interactive, it should be able to get my input without a terminal emulator. Any suggestions?
Non-interactive is counter-intuitive to what passwords are for...
What is the problem you're trying to solve?
Are you familiar with our Forum Rules, and How To Ask Questions The Smart Way?
BlueHackers // fscanary // resticctl
</dev/urandom tr -dc '[:graph:]' | head -c "$length"   # $length = length of desired password; class quoted so the shell cannot glob it
Last edited by xstaticxgpx (2009-05-27 03:59:02)
read -s
-s Silent mode. If input is coming from a terminal, characters are not echoed.
Non-interactive is counter-intuitive to what passwords are for...
What is the problem you're trying to solve?
I need a cron job to encrypt something with a password. If I store the password in plain text, I lose security. If it requires input, then it's not very useful to schedule it. I wasn't really thinking that hard when I asked this question. I should have known that there wasn't really any way to reconcile these two needs.
Maybe I'll just go with the "security through obscurity" route... my root partition is encrypted anyways, and with proper permissions on the file I could be pretty sure that nobody will read the password. Throw in some obfuscated code and hope that nobody really, really smart gets ahold of my computer while it's running.
If you could use gpg then it would solve your problem - for encryption only the public key is required.
Well yes, but it's a backup script. I can't count on having my private key if I lose all my files. I may end up using gpg anyway though... all the solutions here are less than ideal.
Last edited by fflarex (2009-05-27 07:46:14)
You can create a special key for backups (so that you can't compromise your usual key) and then print the private key on paper - I know, not ideal, but it should be good enough for backups.
There's a thing called the Law of Diminishing Returns too...
There's a thing called the Law of Diminishing Returns too...
Well, he has to decide what's more important: having the backups well encrypted, or having them easily available but with the password not so well hidden [I mean, running without user interaction means that the password has to be written somewhere. Although since the root is encrypted, it is probably sufficient to actually have it written somewhere on disk - after all, the secret gpg key is also written somewhere on the disk and protected by a password. If the main concern is not a compromised machine but backups stored somewhere else, then it's about the same level of safety.]
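The gpg suggestion made in the thread (encrypt with only the public key of a dedicated backup key, so the cron job holds no secret), as an added example that is not code from any poster. The script name, argument order and `.gpg` output naming are assumptions, and the backup key's public half is assumed to be already imported for the user that runs the job.

```shell
#!/bin/sh
# Added example: unattended public-key encryption for a cron backup job.
# Assumption: the backup key's PUBLIC half is already in this user's keyring.

# encrypt_file RECIPIENT SRC DEST
# Encrypts SRC to DEST for RECIPIENT. Only the public key is used, so no
# passphrase is stored, piped, or prompted for.
encrypt_file() {
    recipient=$1; src=$2; dest=$3
    [ -r "$src" ] || { echo "cannot read $src" >&2; return 2; }
    # Fail early if the public key is missing, so the cron mail says why.
    gpg --batch --no-tty --list-keys "$recipient" >/dev/null 2>&1 || {
        echo "public key $recipient is not in the keyring" >&2; return 3; }
    tmp="$dest.part.$$"
    # --batch/--no-tty: never prompt. --trust-model always: skip the
    # "use this key anyway?" question that would abort a batch run.
    # umask 077 in a subshell keeps the output private to the job's user.
    if ( umask 077
         gpg --batch --no-tty --yes --trust-model always \
             --recipient "$recipient" --output "$tmp" --encrypt "$src" )
    then
        mv -f "$tmp" "$dest"      # publish only complete ciphertext
    else
        rm -f "$tmp"              # never leave a truncated file behind
        echo "encryption of $src failed" >&2
        return 4
    fi
}

# backup_dir RECIPIENT SRCDIR DESTDIR
# Encrypts every regular file in SRCDIR; returns non-zero if any file failed.
backup_dir() {
    rc=0
    for f in "$2"/*; do
        [ -f "$f" ] || continue
        encrypt_file "$1" "$f" "$3/$(basename "$f").gpg" || rc=1
    done
    return "$rc"
}

# Run as: backup-encrypt.sh <key fingerprint> <source dir> <dest dir>
if [ "$#" -eq 3 ]; then
    backup_dir "$@"
fi
```

Restoring needs the private half of the backup key, which does not have to be present on the machine that runs the job.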