calling all PoSh gurus encrypt question..?

Hey PoSh gurus,

with the encryption on a PoSh file to run them, does the encryption on the file hide all the code and text from anything but the Posh Environment? or to what extent....I have some programs/scripts I have built that I would like to change to PoSh so it can hide the passwords that I have used in some of my scripts...vs text only file easily readable by spyware. Is this possible with PoSh?

Find more posts tagged with

Free for TechExams community: Cybersecurity salary guide

Compare cert salaries and plan your next career move

Button

Comments

HeroPsycho

It is possible with Posh to encrypt the credentials natively, but it is security through obscurity level encryption, not industrial strength. If someone got ahold of the encrypted blob, they would easily be able to get the passwords out.

http://www.leeholmes.com/blog/ImportingAndExportingCredentialsInPowerShell.aspx

itdaddy

HeryPsycho

hey thanks for the article.I appreciate your insight. You would think they would have a file that is shared by many scripts (i like that idea) that is decrypted for the password each time say program required it as a norm..that is cool if I can encrypt it with something. I wish some of my commands could just run on a the machine as admin but they don't...they need that dam n password that is senstive..hum!?
I guess some encryption is better than none...thanks man!

HeroPsycho

Might consider invoking the script with a scheduled task using a bat file that invokes Powershell.exe and the script.

itdaddy

Rob Costello : Powershell Tip - Storing and Using Password Credentials

Master-PowerShell | With Dr. Tobias Weltner - PowerShell.com

dude found this link..and your idea of running it from a scheduled task is good tooo..for the encryption good idea...

yeah what sucks is nowadays sha1 2 and md5 can be cracked haha
I am sure you have seen it like I have in some CeH snippet courses hee hee...I was hoping PoSh would use SSL to encrypt its credentials.;(

tiersten

itdaddy wrote: »

Rob Costello : Powershell Tip - Storing and Using Password Credentials

I wouldn't rely on that to secure any important passwords.

itdaddy wrote: »

yeah what sucks is nowadays sha1 2 and md5 can be cracked haha

SHA-1 and MD5 have both been shown to be vulnerable to collisions with examples. SHA-2 is only mathematically proven to be vulnerable to similar techniques used on SHA-1.

They're hash functions anyway. They're not used to encrypt.

itdaddy wrote: »

I was hoping PoSh would use SSL to encrypt its credentials.

SSL and TLS are protocols to handle encryption of network connections. They're not encryption algorithms themselves.

itdaddy

tiersten

what would you suggest? I thought powershell was suppose to be this super secure CLI???

thanks..I need to do some looking into what each does sha1, sha2, md5 ssl /tls etc.... I just know when I was watching Winstructor videos he used SHA1 for something ? in power shell scripts along with the makecert.exe program...
need to brush up on all this Sec+ .. I know enough to be dangerous hee hee
thanks