All geek questions in one place

How to manage passwords in application configuration

I am working on a system that interacts with many external system APIs: s. Most of them require authentication. For ease of use, there is an AppConfig application with a wide application coverage that stores configuration information as well as credentials for external systems.

My question is that it is a bad idea to store user names and passwords (in clear text) on external systems in the application configuration file. If so, how do you avoid it?

To access the configuration file, you must either compromise the server file system or the git repository on another server (or, of course, any development system). I thought that encrypting the password in the configuration file does not increase the level of security, since the encryption key must be stored somewhere. Am I wrong about this?

I would really like the answers explaining how you solved this problem.

Decision

So here is my final decision. I created a simple library using OpenSSL to encrypt and decrypt my sensitive data. The key is retrieved from the user when loading the configuration, with the exception of production servers, where it is stored in a file. This is still not an optimal solution, but it is better than the "solution" that I previously had.

Thank you for your responses. I agree with Wayne's answer as it was the most informative.

+4
source share
3 answers

Good security is complicated.

As Bruce Schneier says: “Security is a compromise.” You must decide how securely you want this information, and how much time you want to spend on providing this information. And you definitely don't want to leave passwords just sitting there in plain text, that no, no. If you are in a situation where this is normal, you are in a situation where you should not have user authentication.

Although security is complex, there are a few things you can do.

1) Use some type of compiled program for encryption / decryption. You don’t want anyone to open a Python / perl script and say “yeah, it's just XYZ encryption”, although ideally you don't want simple encryption.

2) Security through obscurity is not true security, but it can help against accidental tracking. For example, naming the file "passwords.txt" is not a very good idea, but encrypting your passwords and then using steganography to better smooth the user / pass in some kind of image file.

3) Find strong encryption / decryption algorithms. Some of them are already implemented in most languages, and you can simply import the library. This can be bad or good, depending on how safe you think you want this material.

But honestly, this system is really bad - reasonable security. Ideally, you have two-way authentication, and then a trusted intermediary does the whole wheel and business. For example, when you log on to your computer, you tell the computer that you are an authorized user. From there, you can run all of your programs, and they don’t ask or care about your combination of users and passes - you are simply an authorized user. They get this information from the OS (average person). Heck, even SO uses openID to decide that you are a trusted user - they don’t care what your credentials are on other sites, only that other sites say "Yes, this is a valid user."

If you have the option, I would seriously consider switching the authentication model. If not, good luck.

+5
source

As for real-life live examples, web servers store database login data on the server in plain text. If someone gets access to your server, you are screwed anyway. But protecting these passwords from an unwanted opportunistic intruder, I personally personally like the extra layer to feel safer. Better safe than sorry, right?

Since these passwords are for external systems, it would be prudent to protect them with a different level: encryption. Yes, security through obscurity is bad, but don’t you think that it acts as an excellent deterrent if someone had to stumble upon them? Regular text passwords are simply asked to be accepted.

I recommend using 1024-bit encryption, a couple of good algorithms . I also recommend using a random salt with 64/128 bits for each record that you encrypt, so even if the password for one record is forcibly rude, the solution will not work on other records. Random Salting prevents attacks from the Rainbow table, causing your cracker to use brute force for a lot more time.

Yes, these precautions seem paranoid, but if I try to crack my own passwords (of course, for research interest), I can imagine what some kind of evil person might try.

Edit: An example of how salt makes encryption more secure, even if the encryption key is known.

+1
source

Some web servers need to load symmetrically encrypted certificates at startup. To deal with this, they ask for a password at startup. So it is only stored in memory.

Pros:

  • The master password is never saved to disk.
  • The master password cannot be extracted from ps fax .

Minuses:

  • The master password can still be retrieved by a memory dump (by the user running webbserver and root).
  • Your process cannot be automatically restarted without user intervention. This is probably the biggest reason that not many people have this option. Fortunately, web servers rarely crash.
-1
source

Source: https://habr.com/ru/post/1313624/

More articles:


All Articles