
Re: encryption



On Sat 21 Apr 2018 at 13:54:03 -0500, David Wright wrote:

> On Sat 21 Apr 2018 at 19:14:06 (+0100), Brian wrote:
> > On Sat 21 Apr 2018 at 11:36:05 -0500, David Wright wrote:
> > 
> > > On Fri 20 Apr 2018 at 20:38:48 (+0100), Brian wrote:
> > > > I have a script. It contains an important password.
> > > 
> > > If you   cat /usr/local/bin/myscript   do you see your important
> > > password on the screen?
> > 
> > With the unencrypted file - yes. With the encrypted file - no.
> > > 
> > > > I have encrypted the script with
> > > > 
> > > >   scrypt [enc] -t 10 /usr/local/bin/myscript
> > > > 
> > > > I can, of course, decrypt it with
> > > > 
> > > >   scrypt dec /usr/local/bin/myscript
> > > > 
> > > > and then execute the script.
> > > > 
> > > > The two last steps have been combined into
> > > > 
> > > >   DECRYPT=$(scrypt dec /usr/local/bin/myscript) && eval "$DECRYPT"
> > > > 
> > > > Should I have any more concerns with this command than I have with the
> > > > two-step process?
> > > 
> > > If so, then won't the password be revealed by ps while eval is
> > > evaluating it?
> > 
> > I do not know the most efficacious way to see the ps output in real time
> > as eval runs. With a bit of trial and error (scrypt is slow enough to
> > switch to another console and use ps) I captured
> > 
> > 23266 pts/7    R+     0:00 mpw -q -F     -M                                       -t     railcard
> > 
> > in its output. mpw is the basic command executed by myscript. Switches
> > are shown but not parameters. -M is the very important one. The gap
> > would be occupied by the passphrase.
> > 
> > Is it possible that ps output does not show parameters to switches?
> 
> Not AFAIK. Here, I can see lines in the list such as:

Then I do not understand why parameters are not shown. Maybe they come
later in the output? I can foresee a few sleepless nights trying to
figure this out. :)

At this juncture it appears I should have no worries about ps revealing
the secret.

>  1247 ?    Ss 0:00 wpa_supplicant -B -i wlp2s0 -c /var/lib/wicd/configurations/44xxfcxxxxxx -Dwext
>  1706 tty1 S  0:00 xterm -geometry 110x38+0+0 -fn neep-iso10646-1-18 -xrm *Page: 3 1
> 
> As you can see, I've mangled the MAC of my router that would be revealed otherwise.
> 
> And I wouldn't like to rely on winning a race with ps to avoid capture
> of information exposed in my command lines.

I am not after winning any races but (seeing as you brought the issue
up) knowing whether ps sees my secret and how to go about finding that
out.

-- 
Brian.
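
One way to answer the closing question of how to find out whether ps sees a secret, as an added example that is not part of the thread: launch a child with a dummy value and read /proc/PID/cmdline, the data ps prints on Linux, once as an argument and once on stdin. The canary value, the function names and the `stand-in` name are assumptions made for the example, and a Linux /proc is assumed.

```shell
#!/bin/sh
# Added example (not from the thread): check whether a value handed to a child
# process is visible in /proc/PID/cmdline, the data ps prints on Linux.

# Constructed dummy value; never test with a real passphrase.
CANARY="canary-not-a-secret-$$"

# visible_in_cmdline PID: succeed if the canary appears in PID's argv.
visible_in_cmdline() {
    tr '\0' ' ' < "/proc/$1/cmdline" | grep -F -q -- "$CANARY"
}

# check_child PID: give the child time to exec, test it, then clean up.
check_child() {
    sleep 1
    result=0
    visible_in_cmdline "$1" || result=$?
    kill "$1" 2>/dev/null || true
    wait "$1" 2>/dev/null || true
    return "$result"
}

# Case 1: canary passed as an argument, like `mpw -M <passphrase>` in the thread.
# "stand-in" is a hypothetical name; the trailing ":" stops sh exec'ing sleep.
exposed_via_argv() {
    sh -c 'sleep 3; :' stand-in -M "$CANARY" >/dev/null 2>&1 &
    check_child "$!"
}

# Case 2: canary passed on stdin via a here-document; argv never contains it.
exposed_via_stdin() {
    sh -c 'read -r secret; sleep 3; :' >/dev/null 2>&1 <<EOF &
$CANARY
EOF
    check_child "$!"
}

if exposed_via_argv; then echo "argv:  canary visible to ps"; else echo "argv:  not visible"; fi
if exposed_via_stdin; then echo "stdin: canary visible to ps"; else echo "stdin: not visible"; fi
```

To audit a real tool the same way, substitute it for the `sh -c` stand-in and keep the dummy value, so nothing sensitive is on the command line while checking.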

