Re: encryption
On Sat 21 Apr 2018 at 13:54:03 -0500, David Wright wrote:
> On Sat 21 Apr 2018 at 19:14:06 (+0100), Brian wrote:
> > On Sat 21 Apr 2018 at 11:36:05 -0500, David Wright wrote:
> >
> > > On Fri 20 Apr 2018 at 20:38:48 (+0100), Brian wrote:
> > > > T have a script. It contains an important password.
> > >
> > > If you cat /usr/local/bin/myscript do you see your important
> > > password on the screen?
> >
> > With the unencrypted file - yes. With the encrypted file -no.
> > >
> > > > I have encrypted the script with
> > > >
> > > > scrypt [enc] -t 10 /usr/local/bin/myscript
> > > >
> > > > I can, of course, decrypt it with
> > > >
> > > > scrypt dec /usr/local/bin/myscript
> > > >
> > > > and then execute the script.
> > > >
> > > > The two last steps have been combined into
> > > >
> > > > DECRYPT=$(scrypt dec /usr/local/bin/myscript) && eval "$DECRYPT"
> > > >
> > > > Should I have any more concerns with this command than I have with the
> > > > two-step process?
> > >
> > > If so, then won't the password be revealed by ps while eval is
> > > evaluating it?
> >
> > I do not know the most efficacious way to see the ps output in real time
> > as eval runs. With a bit of trial and error (scrypt is slow enough to
> > switch to another console and use ps) I captured
> >
> > 23266 pts/7 R+ 0:00 mpw -q -F -M -t railcard
> >
> > in its output. mpw is the basic command executed by myscript. Switches
> > are shown but not parameters. -M is the very important one. The gap
> > would be occupied by the passphrase.
> >
> > Is it possible that ps output does not show parameters to switches?
>
> Not AFAIK. Here, I can see lines in the list such as:
Then I do not understand why paramters are not shown. Maybe they come
later in the output? I can forsee a few sleepness nights trying to
figure this out. :)
At this juncture it appears I should have no worries about ps revealing
the secret.
> 1247 ? Ss 0:00 wpa_supplicant -B -i wlp2s0 -c /var/lib/wicd/configurations/44xxfcxxxxxx -Dwext
> 1706 tty1 S 0:00 xterm -geometry 110x38+0+0 -fn neep-iso10646-1-18 -xrm *Page: 3 1
>
> As you can see, I've mangled the MAC of my router that would be revealed otherwise.
>
> And I wouldn't like to rely on winning a race with ps to avoid capture
> of information exposed in my command lines.
I am not after winning any races but (seeing as you brought the issue
up) knowing whether ps sees my secret and how to go about finding that
out.
--
Brian.
Reply to: