1 / 6

Passw3rd

Passw3rd. Neil Matatall @ nilematotle oreoshake. What is it?. Cross-platform, cross-language password management for applications Keeps passwords out of code and configuration files, but keeps them in encrypted files that can be checked into version control

devika
Download Presentation

Passw3rd

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Passw3rd Neil Matatall @nilematotle oreoshake

  2. What is it? • Cross-platform, cross-language password management for applications • Keeps passwords out of code and configuration files, but keeps them in encrypted files that can be checked into version control • Keys for dev/test can be checked in, but prod keys must be protected

  3. Give me the run down • Generate keys: passw3rd –g <-k path> generated keys in /Users/neil (creates .passw3rd-encryptionIV and .passw3rd-encryptionKey) • Create a password file $ passw3rd –e file_name <-p path> <-k path> Enter the password: Wrote password to /Users/neil/file_name • Verify the password can be retrieved $ passw3rd –d file_name <-p path> <-k path> The password is: asdf

  4. Business model

  5. Phase 3: Profit • Need a password rotation? • Fine, just create a new password file for the affected accounts • Need a new server? • Just make the keys part of your build script • Need to rotate your key? • Trivial, decrypt with the old, encrypt with the new Wait, hold on a second you can’t change… oh yeah that sounds like a good idea…

  6. Questions? https://github.com/oreoshake/passw3rd https://github.com/oreoshake/passw3rd_java http://rubygems.org/gems/passw3rd https://www.owasp.org/index.php/OWASP_Passw3rd_Project#tab=Project_About

More Related