Masked passwords with PBE encryption (via script)
With option -j, passwords can be encrypted using the PBE method. In principle, this method is a secure method for password protection because the encryption uses a combination of individual values (password, salt, iteration count). When used in configuration files, however, this information must be present, otherwise a decryption is not possible.
The creation of a masked password can be controlled with the additional parameter "o" (i.e. "-jo") so that the password used is not output. So this call parameter cannot be used to mask passwords for configuration files.
The security of masked passwords is therefore comparable to that of obfuscation, i.e. low.
D:\IS_data> bin\password.bat -j "some secret password" specialsalt 57 "another secret password"$JB$MASK-9vbF99y1Bn70y2wxSL8aNgn1wh9k+rDJ$c3BlY2lhbHNhbHQ=$57$YW5vdGhlciBzZWNyZXQgcGFzc3dvcmQ=$D:\IS_data> bin\password.bat -jo "some secret password" specialsalt 57 "another secret password"$JB$MASK-9vbF99y1Bn70y2wxSL8aNgn1wh9k+rDJ$c3BlY2lhbHNhbHQ=$57$$D:\IS_data> bin\password.bat -j "some secret password"$JB$MASK-yvAOIZ1FkE38W3T6NQLV+2Xjsb7yLby8$$0$$D:\IS_data> bin\password.bat -jo "some secret password"$JB$MASK-yvAOIZ1FkE38W3T6NQLV+2Xjsb7yLby8$$0$$→ The displayed "$JB$" value can be copied directly from the console and inserted into the desired configuration file as a password. So, for example,
|
$JB$MASK-9vbF99y1Bn70y2wxSL8aNgn1wh9k+rDJ$c3BlY2lhbHNhbHQ=$57$YW5vdGhlciBzZWNyZXQgcGFzc3dvcmQ=$ |