Re: Storing credentials in a cross-platform binary file?

I'd recommend encrypting the whole file for the security benefit. If you encrypt individual parts of file separately, you make it easier to break the encryption. Of course, this may not be an issue, depending on your definition of 'easily recoverable'.

If the whole file is encrypted then it's indeed binary, and not likely to be fiddled with.

If you do encrypt the whole file, you may have issues using SQLite. I could be wrong, but I think SQLite require a disk file to operate on. If you decrypt an encrypted SQLite database file and write a temporary plaintext version to disk, you render all the encryption pointless.

With all that in mind, I think the best solution is what moritz suggested: use YAML or Storable and encrypt the whole file.

email: perl -e 'print reverse map { chr( ord($_)-1 ) } split //, "\x0bufo/hojsfufqAofc";'

Comment on Re: Storing credentials in a cross-platform binary file?

Replies are listed 'Best First'.
Re^2: Storing credentials in a cross-platform binary file? by tilly (Archbishop) on Sep 12, 2008 at 03:46 UTC
There are standard encryption mechanisms that are so good as to be effectively unbreakable. As Bruce Schneier says, attempting to improve these systems by improving the encryption is like trying to extend the wall in the path from 2 km high to 5 km high while hoping that attackers won't just walk off the path and go around the wall.	[reply]
Re^3: Storing credentials in a cross-platform binary file? by missingthepoint (Friar) on Sep 12, 2008 at 04:16 UTC
By 'breaking the encryption' I meant 'going around the wall', that is, rendering the encryption ineffective. I know, taken literally 'breaking the encryption' means finding/exploiting a flaw in the actual algorithm, but I was speaking idiomatically - think 'arrays of arrays' in Perl. Incidentally, and in agreement with you, tilly: I can't remember the source, but I recall someone from the NSA as being quoted as saying: "We don't need to break DES, because the implementations are so poor". For lots of cases, you can probably `s/DES/modern cipher/`. email: perl -e 'print reverse map { chr( ord($_)-1 ) } split //, "\x0bufo/hojsfufqAofc";'	[reply] [d/l]
Re^4: Storing credentials in a cross-platform binary file? by tilly (Archbishop) on Sep 12, 2008 at 05:51 UTC
I see no way in which encrypting the whole file makes the encryption any harder to break than using the same algorithm to encrypt a piece of data that you put into a file.	[reply]
Re^5: Storing credentials in a cross-platform binary file? by missingthepoint (Friar) on Sep 14, 2008 at 14:41 UTC
Re^6: Storing credentials in a cross-platform binary file? by tilly (Archbishop) on Sep 15, 2008 at 05:53 UTC