Passw3rd
Neil Matatall @nilematotle
oreoshake
What is it?
• Cross-platform, cross-language password management for applications
• Keeps passwords out of code and configuration files, but keeps them in encrypted files that can be checked into version control
• Keys for dev/test can be checked in, but prod keys must be protected
Give me the run down
• Generate keys:
  $ passw3rd -g <-k path>
  generated keys in /Users/neil (creates .passw3rd-encryptionIV and .passw3rd-encryptionKey)
• Create a password file:
  $ passw3rd -e file_name <-p path> <-k path>
  Enter the password:
  Wrote password to /Users/neil/file_name
• Verify the password can be retrieved:
  $ passw3rd -d file_name <-p path> <-k path>
  The password is: asdf
Business model
Phase 3: Profit
• Need a password rotation?
  – Fine, just create a new password file for the affected accounts
• Need a new server?
  – Just make the keys part of your build script
• Need to rotate your key?
  – Trivial, decrypt with the old, encrypt with the new
Wait, hold on a second you can’t change… oh yeah that sounds like a good idea…
Questions?
https://github.com/oreoshake/passw3rd
https://github.com/oreoshake/passw3rd_java
http://rubygems.org/gems/passw3rd
https://www.owasp.org/index.php/OWASP_Passw3rd_Project#tab=Project_About