RE: Encryption Key Question

[Simon Zuckerbraun <szucker () sst-pr-1 com>]

David: If I'm understanding you correctly, you have the following 
situation: An application, running on behalf of a particular user, has a 
piece of sensitive data that must be stored on the local computer. You 
are looking for a way to encrypt that data before storing it, so only 
that user will be able to access the data. Any other individual who gets 
access to the machine will not be able to access the data.

Some operating systems have a facility for performing exactly that task. 
In Windows, this is known as DPAPI.

Zaven: Here's a very quick explanation of how DPAPI works in Windows. 
For each user in the system, Windows generates a random "master key" 
used to encrypt the user's secrets. The master key is stored as part of 
the user's profile, encrypted with a key that is derived from the user's 
password. Unless the user is logged on to the system with the proper 
password, the master key can not be decrypted. (Warning! This is a bit 
oversimplified, as I am about to explain...)

Enormous complications result from the fact that we need to be able to 
deal with password changes and resets. If the user forgets his password 
and an administrator forcibly resets it to a different string, there has 
to be some way for the user to regain access to his master key (which 
sits encrypted using the original password). Microsoft went to great 
lengths to ensure a proper balance between security and reliable means 
of recovery in the case of such interruptions in normal operations. In 
practice, the effectiveness of DPAPI depends on certain details of how 
the machine is configured; high-security configurations are achievable.

I could go on and on about this. It's a topic that never ceases to 
facinate me.

Lots can go wrong. Apply Keychain Manager was found to have a bad 
security hole (http://seclists.org/lists/bugtraq/2004/Jul/0166.html). I 
don't know the current status of that issue.

David: You will find out - either that, or you've already found out - 
that there are no universal solutions in security. Every proposed 
solution has to be carefully evaluated to ensure that it accurately 
addresses the threats that are relevant. So I need to add this word of 
caution: I'm not telling you for sure that DPAPI (or the equivalent on 
another OS) is necessarily the appropriate solution to the problem you 
are working on. That's something that can only be decided after a 
careful, holistic study of the environment in which your system will 
operate, and the potential threats that need to be defended against.

Simon

> -----Original Message-----
> From: Zaven [mailto:zaven () sonic net] 
> Sent: Wednesday, March 02, 2005 11:21 PM
> To: David Heise; security-basics () securityfocus com
> Subject: Re: Encryption Key Question
>
>
> David Heise wrote:
>
> > Here's my question:
> > What is the best method of storing this passphrase internally in the 
> > application such that it would be as secure as possible?
>
> AFAIK, you can't store the passphrase anywhere securely. You should 
> think in terms of requiring the user/other process/whatever to input the 
> passphrase in to authenticate, and then storing only the hash digest.
>
> If anyone knows how (e.g., Apple Keychain Manager) manages to diaplat 
> the plaintext of stored passwords, I'd like to know, because it makes me 
> nervous :)
>
> Zaven