密码文件混淆 [英] Password file obfuscation
问题描述
我假设你有一个lua脚本,其中包含要发送的命令以及任何秘密数据,并且您希望能够运行此脚本,而无需交互式输入任何内容。
如果是,脚本本身必须能够解密您的秘密数据才能使用它 - 如果攻击者可以读取该脚本,则他可以执行相同的步骤来解密数据(或在调试器或类似操作中运行)。因此,不可能真的隐藏脚本中的秘密数据。使用你的系统文件权限来确保没有人,而你和执行它的进程可以读取脚本。
那就是说,如果你不想阻止真正的攻击者,但是只想避免偶然的阅读器读取密码,任何编码方案都会做 - 从简单的Rot13到Base64到hex编码。但你应该意识到这不是安全措施。
I am using lua to administrate a firewall server and want to obfuscate sensible variables such as login data. I have tried luac but the variable content is still easily readable. Is there any way to encrypt/decrypt these sensible data?
I'm assuming you have a lua script which contains both the commands to send as well as any "secret data", and you want to be able to run this script without having to type in anything interactively.
If so, the script itself must be able to decrypt your secret data in order to use it - and if an attacker can read the script, he can do the same steps to decrypt your data (or run it in a debugger or similar). Thus, it is impossible to really hide the secret data in your script. Use your systems file permissions to ensure nobody but you and the process that executes it can read the script.
That said, if you do not want to hinder real attackers, but only want to avoid casual lookers reading the password, any encoding scheme will do - from simple Rot13 over Base64 to hex-encoding. But you should be conscious that this is not a security measure.
这篇关于密码文件混淆的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
