Best way to encrypt/decrypt a word

[Ruby Student]

[Note: parts of this message were removed to make it a legal post.]

Hello Team,

I have the need to encrypt/decrypt a one word string. The encrypted word
will be saved in a file.
Later the word will be picked-up from the file, decrypt it at execution
time, and use it as a UNIX password to perform certain function that
requires authentication.
What Ruby facility is available for this simple function?

Thank you

 

[Iñaki Baz Castillo]

El Jueves, 5 de Febrero de 2009, Ruby Student escribi=C3=B3:

Hello Team,

I have the need to encrypt/decrypt a one word string. The encrypted word
will be saved in a file.
Later the word will be picked-up from the file, decrypt it at execution
time, and use it as a UNIX password to perform certain function that
requires authentication.
What Ruby facility is available for this simple function?

The problem is:
Even if the UNIX password is encrypted by the Ruby programm, if an attacker=
=20
can see the Ruby code it can know how to decrypt it.


=2D-=20
I=C3=B1aki Baz Castillo

 

[Ruby Student]

El Jueves, 5 de Febrero de 2009, Ruby Student escribi=F3:

The problem is:
Even if the UNIX password is encrypted by the Ruby programm, if an attack= er
can see the Ruby code it can know how to decrypt it.

I=F1aki,
You are correct. However, we are behind several firewalls.
Also, the file with the encripted password will be place within a "secured"
dir.

Thank you

--=20
Ruby Student

 

[Iñaki Baz Castillo]

El Jueves, 5 de Febrero de 2009, Ruby Student escribi=C3=B3:

You are correct. However, we are behind several firewalls.
Also, the file with the encripted password will be place within a "secure= d"
dir.

It seems there are some solutions:

http://snippets.dzone.com/posts/show/991
http://snipplr.com/view/3958/encrypting--decrypting-passwords-using-ezcrypt=
o/
http://stuff-things.net/2007/06/11/encrypting-sensitive-data-with-ruby-on-r=
ails/
http://groups.google.cl/group/rubyonrails-talk/browse_thread/thread/ce2413f=
d2e2929b2



=2D-=20
I=C3=B1aki Baz Castillo

 

[Daniel Berger]

Hello Team,

I have the need to encrypt/decrypt a one word string. The encrypted word
will be saved in a file.
Later the word will be picked-up from the file, decrypt it at execution
time, and use it as a UNIX password to perform certain function that
requires authentication.
What Ruby facility is available for this simple function?

Rotate the password in the file. Remember the rotation level. And
then...

require 'crypt/rot13'

rotation =3D 4
encrypted_password =3D IO.read(some_file)
password =3D Crypt::Rot13.new(encrypted_password, -rotation)

MWAHAHAHAH!

Hey, you didn't specify the _level_ of encryption. >

Regards,

Dan

 

[Petite Abeille]

Hey, you didn't specify the _level_ of encryption. >

Ah, yes, the famous 2ROT13 encryption algorithm:

http://www.mobikom.at/2rot13.pdf

Cheers,

 

[Eleanor McHugh]

Ah, yes, the famous 2ROT13 encryption algorithm:

http://www.mobikom.at/2rot13.pdf

Or at the other extreme use OpenSSL. You'll find RSA and DSA examples
in most of the presentations linked in my sig.
To be honest though, unless it's a long word you're encrypting you
probably shouldn't worry about it.


Ellie

Eleanor McHugh
Games With Brains
http://slides.games-with-brains.net

 

[Robert Klemme]

You are correct. However, we are behind several firewalls.
Also, the file with the encripted password will be place within a "secure= d"
dir.

Well... I'd rather do something different: set up ssh with ssh-agent
so that you can do automated logins. Not sure whether that works with
Ruby's Net::SSH but you can fork a SSH shell via system or IO.popen.
Of course, in this scenario someone has to enter the passphrase
once...

My 0.02EUR

Kind regards

robert

 

[Ruby Student]

Well... I'd rather do something different: set up ssh with ssh-agent
so that you can do automated logins. Not sure whether that works with
Ruby's Net::SSH but you can fork a SSH shell via system or IO.popen.
Of course, in this scenario someone has to enter the passphrase
once...

My 0.02EUR

Kind regards

robert

Actually Robert, your idea might work. Let me give you the background:

We have two AIX (IBM flavor of UNIX) servers, s1 and s2 for argument sake.
s1 is an application server, while s2 is a DB2 server.
There is an SQL utility on s2 which we need to trigger (run), and which
execution will be initiated on s1 via ssh.
The Ruby utility running on s1 will eventually receive a return code from
the SQL utility running on s2 and will take appropriate action based on the
RC.

Now, to execute the SQL utility in the DB2 server, one has to use a
userid/pw which exists on DB2.
We want to encrypt the pw once, which a user will entered, and save it in a
file.
The Ruby utility will read that file and at execution time decipher the pw
and send the request.

We don't want to place an un-encrypted pw in a file, which is why I wanted =
a
cypher/decipher utility.
I found that crypt is one way encryption utility. In other words, I can
cypher but can't decipher with it.

Thanks to everyone for their input so far.

--=20
Ruby Student