Matt Moor wrote:

> >Errr, I don't think that's right. Even if they have the machine, they still
> >don't have the pass phrase. Is that right? Any crypto gurus out there?
> >  
> >
> Essentially, you're correct. A private key (file, chunk o' text, etc) is 
> actually a copy of your private key (the really long number) that's been 
> symmetrically encrypted (with a password as a key).
> 
> Unfortunately, passwords suck for security (mainly because we suck at 
> making them up and remembering them). So, if you store the keys and the 
> ciphertext together, rather than having a couple of pretty good layers 
> of security (some of which are cryptographically strong), you're left 
> with one pretty brittle one.

Ok, that makes sense.

> It's worth noting here that public key crypto wasn't built for this sort 
> of thing, though, so I'd want to have a long hard think about the design 
> and whether you were doing anything new, lest you introduce some weird 
> vulnerability. Particularly since everyone else seems to do away with 
> the abstraction and use a symmetric cipher.

Yep probably what I need to do.

> Of course, it depends on how secure you want the info you're protecting 
> to be.

The aim was to be secure enough that if I lose my laptop the file can't
be decrypted without a large bunch of smarts and CPU grunt.

I think I need to re-evaluate what I'm doing.

> Building on a solid crypto library is a really good start, but 
> for your particular app, there are much easier attacks I'd be looking at 
> first, like how you're storing the plain text prior to encryption 
> (memory structure), 

I'm assuming that while the data is in memory I am the only person on
the machine.

> what you're using to edit the text (oh, you're not 
> using an off-the-shelf are you? bzzt! Most of them have a temp file!), 

Ok, the idea was to decrypt the data to a temp file in its own directory
under /tmp (using tmpfs as well), then edit that with $EDITOR which 
should put any temp files in the same directory. When the editor closes
the file is encrypted and the temp file deleted and the directory 
removed.

Being tmpfs, there is a chance that the decrypted file ends up on the
swap partition. I hadn't thought of a way around this yet.

> right down to file formats (how do you serialise the data prior to 
> encryption without weakening the crypto scheme?),

Well gpg does some mangling of the data before encryption. If public
key crypto was good enough I was expecting this to work as well.

> and what you do with 
> the data in memory prior to encrypting it (PasswordSafe goes so far as 
> to implement a new version of strcpy after they decided that the 
> standard version didn't clean up safely).

Maybe I need to look at PasswordSafe and grab some ideas.

Anyone know of a nice lib for symmetric crypto? I know gpg does symmetric
as well as PK, but libgpgme does not expose that.

> Heh. Your garden variety symmetric cipher is a series of functions and 
> XORs. :)

Yes, but there's more than one XOR.

Erik
-- 
+-----------------------------------------------------------+
  Erik de Castro Lopo
+-----------------------------------------------------------+
I'd rather not work with people who aren't careful. It's darwinism in
software development.
        Linus Torvalds on the linux-kernel list
-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
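An added example (editor's code, not something posted in this thread or taken from PasswordSafe or gpg) of the plumbing Erik's scheme needs around the crypto: a private 0700 scratch directory created with mkdtemp, the plaintext file opened with O_EXCL and mode 0600, the in-process plaintext buffer pinned with mlock() so that copy at least cannot be paged to swap, and a zeroing routine that the compiler cannot optimise away (the same problem PasswordSafe's custom strcpy addresses). The directory template, file name and the 4096-byte buffer size are assumptions for illustration; whether /tmp is tmpfs depends on the mount. The mlock() only protects the process's own buffer: the tmpfs file's pages are still swappable, so the usual answer to that part of the problem is encrypted swap or no swap at all.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE   /* mkdtemp, posix_memalign, mlock declarations */
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>

/* Wipe through a volatile function pointer: the optimiser cannot prove the
 * call is dead, so it cannot drop it the way it may drop a plain memset()
 * on a buffer that is about to be freed. (glibc also has explicit_bzero.) */
static void *(*const volatile memset_v)(void *, int, size_t) = memset;

void secure_zero(void *p, size_t n) { memset_v(p, 0, n); }

int is_all_zero(const unsigned char *p, size_t n) {
    unsigned char acc = 0;
    for (size_t i = 0; i < n; i++) acc |= p[i];
    return acc == 0;
}

/* Page-aligned plaintext buffer. *locked is 1 if mlock() kept it out of
 * swap and 0 if that failed (typically RLIMIT_MEMLOCK), so the caller can
 * decide whether to go on. */
unsigned char *alloc_plain(size_t n, int *locked) {
    long page = sysconf(_SC_PAGESIZE);
    void *p = NULL;
    if (page <= 0 || posix_memalign(&p, (size_t)page, n) != 0) return NULL;
    *locked = (mlock(p, n) == 0);
    return p;
}

void free_plain(unsigned char *p, size_t n) {
    if (!p) return;
    secure_zero(p, n);          /* wipe before the pages are unlocked/freed */
    munlock(p, n);
    free(p);
}

/* Private scratch directory (mkdtemp creates it 0700) plus a 0600 file
 * inside it. O_EXCL|O_NOFOLLOW refuses a pre-existing file or symlink.
 * dir_tmpl is an assumed template such as "/tmp/pwedit-XXXXXX" and is
 * filled in with the real name. Returns the open fd, or -1. */
int make_scratch(char *dir_tmpl, char *path, size_t pathlen) {
    if (!mkdtemp(dir_tmpl)) return -1;
    if (snprintf(path, pathlen, "%s/plain.txt", dir_tmpl) >= (int)pathlen) {
        rmdir(dir_tmpl);
        return -1;
    }
    int fd = open(path, O_RDWR | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    if (fd < 0) rmdir(dir_tmpl);
    return fd;
}

/* Read the edited file back into the (locked) buffer. Returns bytes read
 * or -1; a file larger than cap is truncated to cap. */
ssize_t read_plain(int fd, unsigned char *buf, size_t cap) {
    if (lseek(fd, 0, SEEK_SET) < 0) return -1;
    size_t got = 0;
    while (got < cap) {
        ssize_t r = read(fd, buf + got, cap - got);
        if (r < 0) return -1;
        if (r == 0) break;
        got += (size_t)r;
    }
    return (ssize_t)got;
}

/* Hand the file to $EDITOR without going through a shell. Returns the
 * editor's exit status, or -1. (Not exercised by the self-test.) */
int run_editor(const char *path) {
    const char *ed = getenv("EDITOR");
    if (!ed || !*ed) ed = "vi";
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) { execlp(ed, ed, path, (char *)NULL); _exit(127); }
    int st;
    if (waitpid(pid, &st, 0) < 0) return -1;
    return WIFEXITED(st) ? WEXITSTATUS(st) : -1;
}

/* Remove the plaintext file and its directory. Returns 0 on success. */
int cleanup_scratch(const char *dir, const char *path) {
    int rc = 0;
    if (unlink(path) != 0 && errno != ENOENT) rc = -1;
    if (rmdir(dir) != 0) rc = -1;   /* fails if the editor left files behind */
    return rc;
}
```

cleanup_scratch deliberately does not recurse: if rmdir() fails because $EDITOR left a swap or backup file in the directory, that is worth knowing about rather than silently deleting, since it means the editor is also writing plaintext somewhere you did not plan for. Check where your editor keeps its swap, backup and undo files before trusting "it should put any temp files in the same directory".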
