I am using Lua to administrate a firewall server and want to obfuscate sensitive variables such as login data. I have tried luac but the variable content is still easily readable. Is there any way to encrypt/decrypt this sensitive data?
Answer 1:
I'm assuming you have a Lua script which contains both the commands to send as well as any "secret data", and you want to be able to run this script without having to type in anything interactively.
If so, the script itself must be able to decrypt your secret data in order to use it - and if an attacker can read the script, he can do the same steps to decrypt your data (or run it in a debugger or similar). Thus, it is impossible to really hide the secret data in your script. Use your system's file permissions to ensure nobody but you and the process that executes it can read the script.
That said, if you do not want to hinder real attackers, but only want to avoid casual lookers reading the password, any encoding scheme will do - from simple Rot13 over Base64 to hex-encoding. But you should be conscious that this is not a security measure.
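The file-permission advice above, as an added example that is not part of the original answer: the credentials live in a separate file, and the script refuses to read it unless it is a regular file with no group or other access. It assumes a POSIX system and the LuaFileSystem module (`lfs`); the path and the `key = value` file format are hypothetical.

```lua
-- Added example; requires LuaFileSystem (luarocks install luafilesystem).
local lfs = require("lfs")

-- Hypothetical path, not taken from the original post.
local CRED_PATH = "/etc/fwadmin/credentials.conf"

-- Return true only for a regular file with no group/other permission bits.
local function is_private(path)
  local attr, err = lfs.attributes(path)
  if not attr then return false, err end
  if attr.mode ~= "file" then return false, "not a regular file" end
  -- attr.permissions looks like "rw-------"; chars 4-9 are group and other.
  if attr.permissions:sub(4, 9) ~= "------" then
    return false, "permissions " .. attr.permissions .. " allow group/other access"
  end
  return true
end

-- Parse "key = value" lines (assumed format); lines starting with '#' are comments.
local function load_credentials(path)
  local ok, why = is_private(path)
  if not ok then
    return nil, ("refusing to read %s: %s"):format(path, tostring(why))
  end
  local fh, err = io.open(path, "r")
  if not fh then return nil, err end
  local creds = {}
  for line in fh:lines() do
    if not line:match("^%s*#") then
      local key, value = line:match("^%s*([%w_]+)%s*=%s*(.-)%s*$")
      if key then creds[key] = value end
    end
  end
  fh:close()
  return creds
end

local creds, err = load_credentials(CRED_PATH)
if not creds then
  io.stderr:write(err, "\n")
  os.exit(1)
end
-- creds.user and creds.password are now available to the firewall commands.
```

Create the file with `chmod 600` under the account that runs the script; the check fails closed if the mode is later widened.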
Answer 2:
If you're allowed to use compiled libraries (i.e. LuaRocks), you can use the Kepler MD5 library to encrypt/decrypt the data, and if you can have the script prompt for a password, you can even make it (reasonably) secure. (If you can't prompt for a password, as Paulo says, obfuscation is the best you can hope for.)