in reply to Storing credentials in a cross-platform binary file?
Wow, your post certainly triggered lots of discussion:-)
For the record: I am/used to be a cryptologist. There ain’t no such thing as 100% secure but you can make it very safe and approach the 100% if needed. In your case that seems like overkill however (do you have specific requirements?).
I must confess that I am surprised/shocked by some of the arguments/ideas put forward:
“good old one time pad”
I would say more old than good :-) During the cold war the hotline between Washington and Moscow was based on something similar. It’s extremely safe but can only be used once, then you have to change key. They had to exchange the (many) keys prior to communication over a secure channel of course. IMHO: You can do a lot better than using this approach, you probably don’t have the same requirements as the “hotline” either ;-)
“If you encrypt individual parts of file separately, you make it easier to break the encryption”
I wonder where this idea comes from; it is simply not true.
“We don't need to break DES, because the implementations are so poor”
A surprising quote from the NSA? When I majored in this stuff DES was safe. However DES has been cracked/hacked and is considered unsafe nowadays (that’s why they use things like tripleDES).
For the record: the DES algorithm is often implemented in hardware because it outperforms the software implementations by a factor. I wouldn’t call these hardware implementations poor.
BTW: the security requirements of DES were kept secret by instigation of the NSA!
So in your case a simple file containing the passwords with a standard off-the-shelf cryptographic algorithm should do the trick unless you have very specific requirements (well do ya?). When in doubt you can always hire a specialized company to assess your security to gain confidence in it.
Last but not least there is the problem of key management, which is normally the most difficult component of the entire cryptographic system! You will have to change the password with some frequency and devise a strategy for that.
Rest my case
Re^2: Storing credentials in a cross-platform binary file?
by waswas-fng (Curate) on Sep 12, 2008 at 18:57 UTC