On Wednesday 09 May 2007 03:00:12 SC-L Subscriber Dave Aronson wrote:
> What happens when the user changes his password?  I didn't quite follow it
> all, but it looks to me like that means that all of a user's data has to be
> decrypted and re-encrypted.  You didn't tell us how much data that is, so
> I'm going to ass-u-me that it *could* be a lot.
Probably not so much that re-encrypting would be a problem. I'm not exactly 
sure how much, it depends totally on how much the end-users use this part of 
the system. I would expect 10s of Mb, maybe into the 100s.

> Perhaps you could base the encryption on more stable data, such as the user
> name combined with when the user joined.  This could be used to encrypt the
> data directly, or, as you proposed, to encrypt the actual key.  How
My issue with that is that it's non-revocable by the user. Should 
bad-guy-Mallory manage to get that information somehow, the user can't do 
anything to protect their future data. If Mallory steals their password, then 
the user can change it, meaning that Mallory has to put the hard-yards in to 
get access back again.

> Also, just how secure do you need it to be?  Don't waste a thousand-dollar
> lock on a fifty-dollar bicycle.  Is this data actually a tempting target
> for attackers who are clueful and resourceful (in both the senses of
> "clever" and "able to spend a lot")?
I think the primary attack scenario is to prevent someone leaving a laptop 
somewhere, someone else picking it up and saying "ohh, interesting data! Lets 
sell it to their competitor", but in the interests of 'doing it properly', I 
expect there won't be much more expense on our part to put a more complete 
and secure solution in than that. Perhaps so that if the well-funded 
competitor gets the disk, they can't break it quickly and easily. I'm leaving 
things like planting keyboard sniffers out of the equation. If they can do 
that, they have the user's password and can log into the system and see all 
the data anyway and would have no need to try to defeat the encryption.


Hostes alienigeni me abduxerunt. Qui annus est?

PGP Key 0xA99CEB6D = 5957 6D23 8B16 EFAB FEF8  7175 14D3 6485 A99C EB6D

Attachment: pgpjXCPWm5OgA.pgp
Description: PGP signature

Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.

Reply via email to