in reply to Re^2: Is it possible to sanitize Perl memory that holds sensitive data? (crypto implications)
in thread Is it possible to sanitize Perl memory that holds sensitive data? (crypto implications)

I'll investigate

Not to beat it to death, more of a sales pitch.....Save your time, and go with the encrypted loopback filesystem. It is the solution adopted by the experts. The TrueCrypt mentioned earlier is nice, but you can easily roll-your own on linux, and some distros like SuSE, have the option to use encrypted filesystems at the install process. All you really need is a patched version of the losetup utility ( the utility used in "mount -o loop" ) that handles encryption. You can mount your enc partiton at boot, with the mount options in /etc/fstab, or you can mount them later after boot.

With the enc filesystems, and even encrypted swap spaces, (you can change between different swap spaces any time), you can be sure your stuff is scrambled and not directly readable. At that point, you need to worry about them watching your keyboard, or intercepting your keypress signals somehow. You can then run something like Tk Virtual Keyboard to hide your text and passwords from the leaky keyboard. It really all boils down to who are you trying to hide stuff from? Your wife, business competitors, thieves, Dept. of Homeland Security? :-)

You know encrypted filesystems work, because there already have been numerous cases where people are under court orders to reveal the passwords to their encrypted filesystems. Investigators can get by root and bios passwords without any trouble and see your stuff, but all they see is jibberish when they look at the enc filesystem.

Also you cannot be sure what is left on a non-encrypted filesystem, even after you force an erasure. Maybe it left something on swap? Maybe something was left in the clear somewhere.....can you be sure? Only on an encrypted filesystem can you be sure and sleep good at night. You can also run the whole thing on a USB key, and keep it in your pocket, for a feeling of extra safeness.

I'm not really a human, but I play one on earth Remember How Lucky You Are
  • Comment on Re^3: Is it possible to sanitize Perl memory that holds sensitive data? (crypto implications)

Replies are listed 'Best First'.
Re^4: Is it possible to sanitize Perl memory that holds sensitive data? (crypto implications)
by missingthepoint (Friar) on Aug 30, 2008 at 00:39 UTC

    That Tk app is cool. ++. I'm inspired to learn Tk now.

    I don't want to let you get away with speaking ex cathedra, so... which experts and where? :)

    Probably should have mentioned earlier that I'm familiar with Linux (this is not to say your answer wasn't helpful). As far as I know, you can do better than using losetup's encryption facilities. According to this paper (PDF), CBC mode (used by - correct me if wrong - losetup) has a few known problems. Whether these are more than academic is likely dependent on whom you're trying to hide data from. :) In any case (as I perceive it), the state of the art with Linux disk encryption right now is LUKS and dm-crypt.

    Nevertheless, I think you're right... encrypted loopback is the best solution. The "far more complex" situation means that

    memset(sensitive_buf, 0, sizeof sensitive_buf);

    ... is not sufficient, because to assert it is would be assuming the code is running on some ethereal Turing machine in the sky. But it's not. You must also consider the broader environment this code runs in (namely, one which includes modern OSs with virtual memory systems), which means taking into account memory being swapped out, etc.

    I think I have more of a handle on the problem now. Cheers. :)

    email: perl -e 'print reverse map { chr( ord($_)-1 ) } split //, "\x0bufo/hojsfufqAofc";'
[reply]
[d/l]
      so... which experts and where? :)

      Slashdot of course!!! :-) Slashdot on encryption

      Seriously though, there are newsgroups devoted to encryption security, and it usually comes down to "who are you trying to hide data from?".....because at some level, they can crack you with enough work and money. The AES encryption usually used is based on a finite key length. The question is " are you worth them spending a million dollars of their limited budgets?" For a divorce case.....no; .......to implicate Clinton and Monica Lewinski.... oh yeah. :-)

      They have ways of attacking encrypted disks. One of the most recent is Freezing Computers

      I'm not really a human, but I play one on earth Remember How Lucky You Are
[reply]
        Nice dodge. Now could you please give a good reference that cites the "experts" you referred to in your other node?

        A google search against "loopback file system expert opinion" returns nothing helpful. You seem to be "in the know" on this, so please share with us lowly morons not so privileged.

[reply]

In Section Seekers of Perl Wisdom