Can bcrypt or any other kind of crypto be used across multiple machines/applications?

- Content updated: 2016-02-01
Question:

So I want to store a password in a config file that can be shared across my servers/applications. I have never used a hashing algorithm like bcrypt in this manner, but I have 3 applications I want to use the same password for. I really don't want to store the password in plain text (as it will just be out on the company network drive) so what are my options?

Commenter: What do you want to do with the password? Bcrypt doesn't support decryption if that's what you're asking.

OP: @ArtjomB. I'm storing a set of user's credentials in the config so when the applications have to access third party software, they have the credentials to use.

Commenter: Then you have to use actual encryption. Basically, anything that can decrypt. I can't assess if you need symmetric or asymmetric crypto from the provided requirements. Either way, I have the suspicion that anything you do will only be obfuscation.

OP: @ArtjomB. Obfuscation is probably ok for these purposes. I just need something that will keep from storing a password in plain-text in the file. I'm used to using bcrypt but I've never used it across different applications so I wanted to make sure it would work in this case (which it doesn't look like it will). What do you suggest I look into?

Commenter: Use symmetric crypto for the secrets. Store the key for the symmetric crypto in a private place such as a shell script with restrictive permissions; that script sets an environment variable with the key. The app reads that environment variable and uses it to decrypt the secrets. You may also want to add a way (such as a rake task) to encrypt a secret; that task can be used to encrypt secrets, the encrypted secret then being pasted into the config file or wherever. You probably want to use base64 or some other suitable method to translate the nominally binary key, iv, and ciphertext.
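
The scheme from the last comment, sketched in Ruby as an added example (not code from the thread): the key comes from an environment variable, and each secret is stored as base64 text that can be pasted into the shared config. AES-256-GCM is this example's choice of cipher, and `APP_SECRET_KEY` and the `v1:iv:tag:ciphertext` layout are assumed names.

```ruby
require 'openssl'
# Assumed names: APP_SECRET_KEY and the "v1:iv:tag:ciphertext" layout are
# choices made for this example; the thread does not specify either.
KEY_ENV = 'APP_SECRET_KEY'

# Strict base64 without newlines; decoding raises ArgumentError on bad input.
def b64(bytes)
  [bytes].pack('m0')
end
def unb64(text)
  text.unpack1('m0')
end

# Fresh 256-bit key, base64-encoded for the permission-restricted script.
def generate_key
  b64(OpenSSL::Random.random_bytes(32))
end

# Read the key from the environment; fail loudly if missing or mis-sized.
def load_key(env = ENV)
  raw = unb64(env.fetch(KEY_ENV))
  raise ArgumentError, 'key must decode to 32 bytes' unless raw.bytesize == 32
  raw
end

# Encrypt one secret into a text token for the config file.
def encrypt_secret(plaintext, key)
  raise ArgumentError, 'empty secret' if plaintext.empty?
  cipher = OpenSSL::Cipher.new('aes-256-gcm').encrypt
  cipher.key = key
  iv = cipher.random_iv                 # new IV for every secret
  cipher.auth_data = ''
  ct = cipher.update(plaintext) + cipher.final
  'v1:' + [iv, cipher.auth_tag, ct].map { |part| b64(part) }.join(':')
end

# Decrypt a token; a wrong key or altered token raises CipherError.
def decrypt_secret(token, key)
  version, *parts = token.split(':')
  raise ArgumentError, 'unknown token format' unless version == 'v1' && parts.size == 3
  iv, tag, ct = parts.map { |part| unb64(part) }
  raise ArgumentError, 'truncated auth tag' unless tag.bytesize == 16
  cipher = OpenSSL::Cipher.new('aes-256-gcm').decrypt
  cipher.key = key
  cipher.iv = iv
  cipher.auth_tag = tag
  cipher.auth_data = ''
  (cipher.update(ct) + cipher.final).force_encoding('UTF-8')
end
```

A rake task of the kind the comment mentions would only need to call `encrypt_secret` with the key from `load_key` and print the token.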