Posso usare qualcosa di diverso da AES 128 per memorizzare il mio PSCredential?

Question

Posso usare qualcosa di diverso da AES 128 per memorizzare il mio PSCredential?

#1 da (2 voti)

0

Da quello che ho leggi ConvertTo-SecureString memorizzerà una password con AES-128 (che come ho capito è incrinata) ... è possibile utilizzare più bit?

Ho letto in Get-Help il seguente, ma non so come procedere:

If an encryption key is specified by using the Key or SecureKey
parameters, the Advanced Encryption Standard (AES) encryption algorithm is
used. The specified key must have a length of 128, 192, or 256 bits
because those are the key lengths supported by the AES encryption
algorithm. If no key is specified, the Windows Data Protection API (DPAPI)
is used to encrypt the standard string representation.

Inoltre, mi piacerebbe eseguirlo con un'attività pianificata in Windows.

powershell windows-7 password-management aes

posta leeand00 17.08.2016 - 21:23

fonte

1 risposta

Leggi altre domande sui tag powershell windows-7 password-management aes

Strano traffico sul mio NAS, devo preoccuparmi? Perché il generatore di configurazione SSL di Mozilla non disattiva aNULL e MD5?

score 2 · Accepted Answer

Sì, puoi usare fino a AES 256 come menzionato qui .

ConvertFrom-SecureString and ConvertTo-SecureString have two parameters that you can use to change the default behavior. These parameters are –SecureKey and –Key. The –SecureKey parameter takes a SecureString object and the –Key parameter, a byte array (Byte[])

You use –SecureKey with a SecureString memory object that encrypt and decrypt the other SecureString. This does not really help us in our goal of storing secure passwords and accessing them through automation. You would need a SecureString object built, either by unencrypting another string using another option, or by having someone type the SecureString interactively. The first does not solve the problem of it being secured, the second does not solve the automation problem.

The –Key parameter allows you to use a 128-bit (16-byte), 192-bit (24-byte), or 256-bit (32-byte) key and uses the Advanced Encryption System (AES) cipher, also known as the Rijndael cipher, to encrypt/decrypt the SecureString. It is symmetric encryption so you need to provide the same key for encryption as you do when you decrypt the encrypted string back to the SecureString. One way to do this is to embed the key in each script file. Not surprising, this not recommended and results in security not much more secure than just storing the password in plain text in the script. It also makes it difficult to change the key or password which should due frequently using this method. A better choice is to store the key in a separate file from the script and encrypted password.