AW: Securing an encryption key within software.

[Christian.Assfalg () bc boehringer-ingelheim com]

Hello Davie,

I don't see why you need the decription key at all? Under Unix/Linux, passwords are saved in a hashed form only. 
Comparing a given password with the actual one is done by hashing the given password and comparing it with the saved 
hash. There is no need to decrypt the hash and get the original password back.

The same applies, I think, to your application. I don't see why you need to decrypt the passwords. If a user has 
forgotten his password, you should have functions to set a new one, but not ones to read the actual password. As you 
said, this has a lot of security issues.

As for using TPM - forget it. Shure, TPM would give you features to bind your software, or certain data, to one 
particular machine. But what in case of a hardware Failure? You would loose all your data, unless there are some ways 
to backup that stuff. I guess there have to be some ways to do that, but still - way too risky and complicated for my 
taste. But TPM is designed to - and I guess will do what you asked for: making shure that there is only very limited 
access to certain data.

I suggest you use a one-way hash function to store your passwords, or use asymetric (public / private key) 
cryptographic algorithms to encrypt the passwords with the public key, and throw away the private key.

Or use Public / Private Key cryptography and use an additional Passphrase to encrypt the Private key with (Private key 
for decryption is useless without that passphrase). This should be done on a Per-User / Host / whatever basis, not one 
for the software as such, mind. Otherwise the encryption key is vulnerable to things like a chosen plaintext attack 
(http://en.wikipedia.org/wiki/Chosen-plaintext_attack).


Best regards,
Christian Assfalg


-----Ursprüngliche Nachricht-----
Von: Davie Elliott [mailto:delliott () eluse co uk] 
Gesendet: Freitag, 16. Juni 2006 10:59
An: security-basics () securityfocus com
Betreff: Securing an encryption key within software.



Hello everyone,

I have been writing a password storing application in Visual Basic. The
passwords are stored in a database and encrypted with AES 256-bit.
And I have been wondering how I would stop the key from being found, should
the software somehow leave the building and fall into the wrong hands.

Using a simple Hex Editor on the software I can see that any strings that
have been defined ("hard coded") in the software can easily be read. So what
I have done is left the "hard coded" key in the software, but only use it to
encrypt/decrypt the database key the is held in a file, so I have:

"Hard coded" key [ENCRYPT] Database Key -----> Encrypted key (Store in a
plain text file)

When the software loads:

"Hard coded" key [DECRYPT] Encrypted key -----> Database key (Stored in
memory and used to decrypt passwords in the database).

My worry again, is that if the plaintext file and the software managed to
leave the building, the same situation will occur.

So, my question is: How does one securely store an encryption key inside a
program?

I thank you for your input.

Davie Elliott
Network Administrator
Express Link-Up Social Enterprise
Unit 4-6
Lenton Business Centre
Lenton Boulevard
Nottingham
NG7 2BY
t: 0115 9791200
w: www.eluse.co.uk