Complex Lucid passwords and the command-line

  • Updated

LucidLink recommends the use of strong complex passwords in order to secure your Filespace from malicious actors.

It is often the case that password managers automatically generate passwords which comprise upper, lower, number and symbol characters.

Although best practice, the reality is, these passwords are often hard to pass if they contain special characters, which require escaping. 

Each operating system terminal emulator has specific characters reserved for certain operations. These characters when passed will be interpreted in a certain manner which may change the command-line syntax.

A simple way to get around it is with Base64 encoding and decoding which will enable obfuscating the characters individual or double meaning in order to apply our command-line syntax correctly.

Base64 is not a secure way to encrypt data. As you will see it can be easily decoded. It is used to convert complex text into a reliable, convenient format.

There are many ways to accomplish this escaping of our special characters double meaning. See escape characters. Later in the article we will explore manual methods.

For the purposes of this article we will define our complex password as complex~^@|;&$*pwd to trip up most command-line interpreters.

In this article we will provide Windows and Linux command-line variations, along with real-world use cases of connecting to a Filespace and performing your typical operations.

Lets get started!

 

Linux (Bash)

Encode

echo -n 'complex~^@|;&$*pwd' | base64

Decode

echo -n 'Y29tcGxleH5eQHw7JiQqcHdk' | base64 --decode

Windows (PowerShell)

Encode

[System.Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes("complex~^@|;&$*pwd"))

Decode

[System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String("Y29tcGxleH5eQHw7JiQqcHdk"))

 

Launching a Filespace  with the user password piped output of our decoded password to our daemon.

Linux (Bash)

echo -n 'Y29tcGxleH5eQHw7JiQqcHdk' | base64 --decode | lucid daemon --fs <filespace.domain> --user <fsuser>

Windows (PowerShell)

[System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String("Y29tcGxleH5eQHw7JiQqcHdk")) | lucid daemon --fs <filespace.domain> --user <fsuser>

Installing Windows service (PowerShell)

lucid service --install
lucid service --start
[System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String("Y29tcGxleH5eQHw7JiQqcHdk")) | lucid link --fs <filespace.domain> --user <fsuser>

Installing Linux service (systemd)

systemd is different to Bash and as such requires different methods to escape.

systemd software suite includes systemd-escape which can assist in the escaping requirements inside systemd units. See this article

Our systemd installation and management script supports certain methods of Bash special character escaping as well as with systemd-escape.

 

Preparing for passing commands utilizing a decoded environment variable. 

Linux (Bash)

password=$(echo -n 'Y29tcGxleH5eQHw7JiQqcHdk' | base64 --decode)

Windows (PowerShell)

$password=[System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String("Y29tcGxleH5eQHw7JiQqcHdk"))

 

Lucid command-line management with our decoded environment variable.

echo $password | lucid user <option>
echo $password | lucid group <option>
echo $password | lucid permission <option>
echo $password | lucid config --set --global <--key [value]>

 

We've learnt the Base64 method of converting our characters to plaintext in order translate successfully our operating system's command-line interpretation.

Now let us explore some more advanced methodologies to demonstrate our point that special characters and operating environments differ dramatically, equally does what is determined a special character. 

Manual escaping our password complex~^@|;&$*pwd

Linux (Bash) \ method, our special characters are | ; & $.

lucid <command> --password complex~^@\|\;\&\$*pwd

Windows (PowerShell) ` method, our special characters are | ; &. Note: $ would be if it didn't neighbour * as it could be interpreted as a variable.

lucid <command> --password complex~^@`|`;`&$*pwd

 

Typically, wrapping your complex password in single quote ' or double " quotes could be sufficient however individual characters can be escaped, dependant on the character and operating environment. 

For example, should your complex password include a ' or " you'll need to escape these characters accordingly. 

Lets assume our password is wrapped in and already contains double " quotes and is "complex~^@|;&$*pwd".

Linux (Bash)

lucid <command> --password '"complex~^@|;&$*pwd"'

or

lucid <command> --password \"complex~^@\|\;\&\$*pwd\"

Windows (PowerShell)

lucid <command> --password '\"complex~^@|;&$*pwd\"'

 

As you can see there are various methods for approaching the escaping of special characters in complex passwords. LucidLink recommends your passwords contain as many variations of characters as possible to secure your data. 

Certain special characters will no doubt always be challenges in command-line instructions, understanding escaping techniques will make the command syntax simple and easy to interface without difficulty. 

 

Was this article helpful?

0 out of 0 found this helpful