I'm writing a client-side program (in C) to access a certain web site, and I'd like to implement a 'remember password' feature in it. I don't think storing it in plain text is a good idea (what if the user's running malicious software which might find the password?), so I'm wondering. what's the best way of storing a password in such a case? I need to be able to recover it verbatim (a hash/salt won't do, the server needs the entire password), and the solution needs to be somewhat portable (it has to work at least on GNU/Linux).
You can use the lib openssl and write the password crypted with aes in a file. The location of the file may be only know by user.
Else, you can use a system variable as key.
If the user compile the program, you can generate a key and compile with (so store it in the executable)
Related
I'm working on a C project that makes connections to remote servers. Commonly, this involves using some small terminal macros I've added to my makefile to scp an executable to that remote server. While convenient, the only part of this I've not been able to readily streamline is the part where I need to enter the password.
Additionally, in my code, I'm already using system() calls to accomplish some minor terminal commands (like sort). I'd ALSO like to be able to enter a password if necessary here. For instance, if I wanted to build a string in my code to scp a local file to my remote server, it'd be really nice to have my code pull (and use) a password from somewhere so it can actually access that server.
Does anyone a little more experienced with Make know a way to build passwords into a makefile and/or a system() call in C? Bonus points if I can do it without any third-party software/libraries. I'm trying to keep this as self-contained as possible.
Edit: In reading responses, it's looking like the best strategy is to establish a preexisting ssh key relationship with the server to avoid the login process via something more secure. More work up front for less work in the future, by the sound of it, with additional security.
Thanks for the suggestions, all.
The solution is to not use a password. SSH, and thus SCP, has, among many many others, public key authentication, which is described all over the internet. Use that.
Generally, the problem you're trying to solve is called secret management, and the takeaway is that your authentication tokens (passwords, public keys, API keys…) should not be owned by your application software, but by something instructing the authenticating layer. In other words, the way forward really is that you enable SSH to connect on its own without you entering a password by choosing something that happens to not be an interactive authentication method. So, using a password here is less elegant than just using the generally favorable method of using a public key to authenticate with your server.
Passing passwords as command line option is generally a bad idea – that leaks these passwords into things like process listings, potentially log entries and so on. Don't do it.
Running ssh-keygen to create the keys. Then, adding/appending the local system's (e.g) .ssh/id_rsa.pub file to the remote's .ssh/authorized_keys file is the best way to go.
But, I had remote systems to access without passwords but the file was not installed on the remote (needing ssh-keygen to be run on the remote). Or, the remote .ssh/authorized_keys files did not have the public key from my local system in it.
I wanted a one-time automated/unattended script to add it. A chicken-and-the-egg problem.
I found sshpass
It will work like ssh and provide the password (similar to what expect does).
I installed it once on the local system.
Using this, the script would:
run ssh-keygen on the remote [if necessary]
Append the local .ssh/id_rsa.pub public key file to the remote's .ssh/authorized_keys
Copy back the remote's .ssh/id_rsa.pub file to the local system's .ssh/authorized_keys file [if desired]
Then, ssh etc. worked without any passwords.
UPDATE:
ssh_copy_id is your fried, too.
I had forgotten about that. But, when I was doing this, I had more complex requirements.
The aforementioned script would merge/combine all the public keys and update all the authorized_keys files on all the systems. This would be repeated anytime any new system was added to the mix.
you never need to run ssh-keygen on a remote host, especially not to generate an authorized_keys file. –
Marcus Müller
I think that was inferred but not implied as a requirement [particularly in context]. I hope the answer wasn't -1 for that.
Note that (1) ssh-keygen is needed for (3) copy back the public key.
Ironically, one of the tutorial pages for ssh-copy-id says run ssh-keygen first ...
It's been my exerience when setting up certain types of systems/clusters (e.g. a development host/PC and several remote/target/test ones), if one wants to do local-to-remote actions, invariably one wants to do:
remote-to-local actions -- (e.g.) I'm ssh'ed into a remote system and want to do rcp back to the development system.
The remote system needs to do a git clone/pull from [and, sometimes, git push to] the local git server.
remote-to-remote -- copying/streaming data between target systems.
This requires that each system have a private/public key pair and all systems have an authorized_keys file that has the public keys of all the other systems.
When I've not set up the systems that way it usually comes back to haunt me [usually late at night when I'm tired]. So, I just [axiomatically] set it up that way at the outset.
One of the reasons that I developed the script in the first place. Also, since we didn't want to have to maintain a fork of a given system/distro installer for production systems, we would:
Use the stock/standard distro installer CD/USB
Use the script to add the extra/custom config, S/W, drivers, etc.
What I need, boiled down, is a way to 'selectively' encrypt either a folder or a zip file - Whatever the solution would be, it needs to block (or redirect) all reads/writes EXCEPT from one specific program (not mine, a legacy application that I do not have source code access to - I cannot modify the program who would have the sole permission to perform reads and writes on the encrypted folder/zip file). I would like to avoid having a constantly running background app (as all the end-user would have to do to circumvent the protection would be to kill the program)
The purpose is to, of course, protect the files within the folder from tampering.
I could modify folder permissions at install, but this would block all programs from access wouldn't it? I more or less need to only block File Explorer from accessing the files, but not the program which needs to read them... if that makes sense. Or, if I could protect the (plaintext) files somehow without affecting the legacy application's reading of them... argh.
I wonder if it would be possible with CreateProcess() to run the legacy application as a high-level user and give the folders it needs access to the same permission, such as TrustedInstaller or SYSTEM, (who, in Windows, own things that not even administrators can touch, like System Volume Information)
This would allow the program to read/write to the folders, but not the user.
I was looking at LockFile, seems to be close to what I am looking for but not quite. I need something like semi-exclusive access.
I am fairly fluent in C++, Visual Basic.net, only some Python, but I am willing to use any language which would allow a solution to this problem (Though it probably could be implemented in any language, if possible at all.)
I've got a web application that I know to be written in C, that's running on a specified IP address and port. I can access the application either with telnet or nc. With each of those, once connecting I'm prompted for input.
Since I've got a copy of the binary, running it through strings and hd showed me that the application is looking for a particular string to validate.
There's a file sitting on that domain that I'd like to access, which I can't seem to do with telnet or nc, so I'm thinking that either cURL or ftp would be the better bet here.
However, since the string validation that happens with this running service isn't really a password, I'm not sure how to pass this string value into the service with cURL or ftp. My gut tells me that I probably need to structure the command as a POST, but since this definitely isn't an HTTP service, I'm not sure how to proceed.
Any ideas?
(not an answer, but too long to post as a comment)
when dealing with undocumented custom protocols, telnet/curl/wget is definitely not suitable, and nc is not practical. write your own client.
you say the server is expecting a string? well, maybe you could run a dictionary attack on it, make a client that tries everything in a large dictionary (like this?), looking for any non-standard response, and go from there. add any strings you find in the binary too, ofc
if that gets you nowhere, maybe the binary is vulnerable to timing attacks? maybe you can extract a string that it is looking for, through a timing attack
and because you already have the binary, you could run it through a disassembler and study the assembly code, it should reveal both whether or not it's timing-attack vulnerable, and, if the strings are hardcoded, what string it is looking for, albeit, reading compiled assembly code is really difficult.. (game crackers does this all the time for cracking video game copy protections)
I am making a small project for college in GAE (using Java) in which I implement a form of "messaging service" where when a user sends a message to another user, the message is encrypted by 128-bit AES using Java crypto libraries and then stored on the server. The resulting key then has to be entered by the recipient to be able to read the message.
I now want to incorporate file upload (attachment) capability in this. So that when a user attaches a file (which can be ANY file, jpg,gif,txt,pdf,doc,exe,etc...), it is first encrypted and then stored. I want to interpret any file like a txt file (a sequence of characters), so that encryption/decryption can be done by existing code. (Does this even make sense? I am thinking of this because you can open any file in notepad and see the file as a sequence of characters). I would like to keep a limit on size of attachment as something like 5-10 Mb, but if for some reason this can only be done for even smaller sizes (<1Mb) even then its fine with me.
So if a user attaches a file, say abc.exe, I interpret it as a txt file, abc.txt and encrypt it along with the message. Then when recipient enters the correct key, I decrypt the message and file abc.txt, but serve as abc.exe. (I can ask the user to first convert any file to .txt, but that would be awkward)
Can this be done? And I am a novice to web development, servlets and GAE (my first project using any of these), so please bear with me.
Thank You !!
Well, the simple asnwer is yes: it can be done. The normal operation is to read the file as binary, encrypt the data, then base 64 encode it. Then the receiving side base 64 decodes it, decrypts it and probably writes the data. Base 64 will grow the data though, using 4 characters for every 3 bytes (+ maybe one or two padding bytes at the end).
If you need more information with it, such as the file name, you need to create some kind of container for the data and encrypt that. One solution is to use ASN.1 although that has a relatively large learning curve.
To view an example of this, take a look at the SMIME specifications and the CMS (cryptographic message syntax) which defines mail with encrypted attachments. CMS is broadly used. CMS is available in the bcmail (or subsequent) package of Bouncy Castle.
Note that you need some kind of authentication/integrity protection if you are creating an online protocol with encryption. A good PKI infrastructure may also be needed. This is a pretty large project to undertake.
I am allowing users to upload photos like photo albums, and also attach files (documents for now) as mail attachments. So i assume I need some anti virus/security tool in place to scan the files first in case people upload infected stuff. So two questions:
1) Are there any 'free' or open source tools for this I can use or integrate into my environment: codeignitor php?
2) How to secure the upload area from rest of the system? Say the virus scanner fails to catch a virus and it is uploaded, how to prevent it from infecting other files? Like can the upload area be sandboxed in or something always and use that filepath for users to access the content so it does not spread to other parts of the system?
There is clamav for a free virus scanner. Install it and you could do something like:
function virus_detected($filename)
{
$clamscan = "/usr/local/bin/clamscan";
$result = exec("$clamscan -i --no-summary $filename");
return strlen($result)?true:false;
}
As for security, make sure the temporary files are uploaded to a directory outside of your web root. You should then verify the file type, rename the file to something other than it's original file name and append the appropriate extension (gif,jpg,bmp,png). I believe this should keep you fairly safe aside from exploits in php itself.
For more information about verifying file types in php check out:
http://www.php.net/manual/en/function.finfo-file.php
I know this topic hasn't been active for three years now, but, in case anyone else in the future, similarly, is looking for a PHP-based anti-virus solution, for those without an anti-virus daemon, program or utility installed on their host machine and without the ability to install an anti-virus daemon, program or utility, phpMussel, a PHP script that I've written based on ClamAV that fits the bill for what Rohit (the the original poster) was looking for (a PHP-based anti-virus to protect their CMS against malicious file uploads), may possibly be a viable solution. It certainly isn't perfect and I can't guarantee that it'll catch everything, but by far, it's certainly better than using nothing at all.
Ideally, as per already suggested above by Matt, making a call to shell to have ClamScan scan the file uploads is definitely an ideal solution, and if this is something that a hostmaster, webmaster or anyone in Rohit's situation is able to do, I'd second that suggestion wholly. What I've written, because it is a PHP script, has limitations inherent to anything that relies wholly on PHP in order to function, but, in instances where the aforementioned suggestion and/or similar suggestions aren't a possibility (such as if the host machine doesn't have an anti-virus installed and shell access is disabled; common with cheaper shared hosting solutions), that's where what I'm suggesting here could potentially step in - Something that only requires PHP to be installed (with PCRE extension included, which is standard with PHP nowadays anyhow), and nothing more.
Also remember, as Matt has already suggested, to always upload outside of your root directory, to ensure that uploaded files can't be exploited by attackers (such as in the event of an attacker attempting to compromise your system by uploading backdoors or trojans) - Viruses are not the only threat you need to worry about, and the vast majority of anti-virus solutions nowadays do not solely focus on viruses. Matt is also entirely correct in pointing out that no anti-virus solution is perfect, and for that reason, anyone allowing file uploads to their website or server needs to remain vigilant - An anti-virus solution is a must-have for anyone in that situation, but no holy grail of internet security that'll cover every possible threat exists. Also, renaming files isn't only about ensuring that they can't execute (as may be somewhat inferred by the original poster's reply comment regarding EXEs) - The risk of threats such as directory traversal attacks can be reduced by renaming files as well as the risk associated with an attacker attempting to override an already existing file on a targeted system as a means to hide their dirty-work.
Regarding the threat of files that may be malicious being missed by an anti-virus solution and then potentially infecting the system where they are being uploaded to; What a hostmaster or webmaster could potentially do in this situation is employ some sort of quick and simple encoding process that'd render the file non-executable by the system itself, but which can be easily and readily reversed by the PHP script responsible for calling that file on request, such as by way of using base64_encode(), bin2hex(), or even by just rotating a few characters and adding a salt to displace the file's magic number or something similar.