Security Basics mailing list archives
AW: Securing an encryption key within software.
From: Christian.Assfalg () bc boehringer-ingelheim com
Date: Tue, 20 Jun 2006 16:16:17 +0200
Hello Davie, I don't see why you need the decription key at all? Under Unix/Linux, passwords are saved in a hashed form only. Comparing a given password with the actual one is done by hashing the given password and comparing it with the saved hash. There is no need to decrypt the hash and get the original password back. The same applies, I think, to your application. I don't see why you need to decrypt the passwords. If a user has forgotten his password, you should have functions to set a new one, but not ones to read the actual password. As you said, this has a lot of security issues. As for using TPM - forget it. Shure, TPM would give you features to bind your software, or certain data, to one particular machine. But what in case of a hardware Failure? You would loose all your data, unless there are some ways to backup that stuff. I guess there have to be some ways to do that, but still - way too risky and complicated for my taste. But TPM is designed to - and I guess will do what you asked for: making shure that there is only very limited access to certain data. I suggest you use a one-way hash function to store your passwords, or use asymetric (public / private key) cryptographic algorithms to encrypt the passwords with the public key, and throw away the private key. Or use Public / Private Key cryptography and use an additional Passphrase to encrypt the Private key with (Private key for decryption is useless without that passphrase). This should be done on a Per-User / Host / whatever basis, not one for the software as such, mind. Otherwise the encryption key is vulnerable to things like a chosen plaintext attack (http://en.wikipedia.org/wiki/Chosen-plaintext_attack). Best regards, Christian Assfalg -----Ursprüngliche Nachricht----- Von: Davie Elliott [mailto:delliott () eluse co uk] Gesendet: Freitag, 16. Juni 2006 10:59 An: security-basics () securityfocus com Betreff: Securing an encryption key within software. Hello everyone, I have been writing a password storing application in Visual Basic. The passwords are stored in a database and encrypted with AES 256-bit. And I have been wondering how I would stop the key from being found, should the software somehow leave the building and fall into the wrong hands. Using a simple Hex Editor on the software I can see that any strings that have been defined ("hard coded") in the software can easily be read. So what I have done is left the "hard coded" key in the software, but only use it to encrypt/decrypt the database key the is held in a file, so I have: "Hard coded" key [ENCRYPT] Database Key -----> Encrypted key (Store in a plain text file) When the software loads: "Hard coded" key [DECRYPT] Encrypted key -----> Database key (Stored in memory and used to decrypt passwords in the database). My worry again, is that if the plaintext file and the software managed to leave the building, the same situation will occur. So, my question is: How does one securely store an encryption key inside a program? I thank you for your input. Davie Elliott Network Administrator Express Link-Up Social Enterprise Unit 4-6 Lenton Business Centre Lenton Boulevard Nottingham NG7 2BY t: 0115 9791200 w: www.eluse.co.uk
Current thread:
- AW: Securing an encryption key within software. Christian . Assfalg (Jun 20)
- Re: Securing an encryption key within software. Saqib Ali (Jun 20)
- <Possible follow-ups>
- AW: Securing an encryption key within software. Christian . Assfalg (Jun 21)