RE: Encryption Key Question
From: Simon Zuckerbraun (szucker_at_sst-pr-1.com)
Date: Thu, 03 Mar 2005 14:10:06 -0600
To: firstname.lastname@example.org, email@example.com, firstname.lastname@example.org

David: If I'm understanding you correctly, you have the following
situation: An application, running on behalf of a particular user, has a
piece of sensitive data that must be stored on the local computer. You
are looking for a way to encrypt that data before storing it, so only
that user will be able to access the data. Any other individual who gets
access to the machine will not be able to access the data.

Some operating systems have a facility for performing exactly that task.
In Windows, this is known as DPAPI.

Zaven: Here's a very quick explanation of how DPAPI works in Windows.
For each user in the system, Windows generates a random "master key"
used to encrypt the user's secrets. The master key is stored as part of
the user's profile, encrypted with a key that is derived from the user's
password. Unless the user is logged on to the system with the proper
password, the master key cannot be decrypted. (Warning! This is a bit
oversimplified, as I am about to explain...)

Enormous complications result from the fact that we need to be able to
deal with password changes and resets. If the user forgets his password
and an administrator forcibly resets it to a different string, there has
to be some way for the user to regain access to his master key (which
sits encrypted using the original password). Microsoft went to great
lengths to ensure a proper balance between security and reliable means
of recovery in the case of such interruptions in normal operations. In
practice, the effectiveness of DPAPI depends on certain details of how
the machine is configured; high-security configurations are achievable.

I could go on and on about this. It's a topic that never ceases to

Lots can go wrong. Apple Keychain Manager was found to have a bad
security hole (http://seclists.org/lists/bugtraq/2004/Jul/0166.html). I
don't know the current status of that issue.

David: You will find out - either that, or you've already found out -
that there are no universal solutions in security. Every proposed
solution has to be carefully evaluated to ensure that it accurately
addresses the threats that are relevant. So I need to add this word of
caution: I'm not telling you for sure that DPAPI (or the equivalent on
another OS) is necessarily the appropriate solution to the problem you
are working on. That's something that can only be decided after a
careful, holistic study of the environment in which your system will
operate, and the potential threats that need to be defended against.

> -----Original Message-----
> From: Zaven [mailto:email@example.com]
> Sent: Wednesday, March 02, 2005 11:21 PM
> To: David Heise; firstname.lastname@example.org
> Subject: Re: Encryption Key Question
> David Heise wrote:
>> Here's my question:
>> What is the best method of storing this passphrase internally in the
>> application such that it would be as secure as possible?
> AFAIK, you can't store the passphrase anywhere securely. You should
> think in terms of requiring the user/other process/whatever to input the
> passphrase in to authenticate, and then storing only the hash digest.
> If anyone knows how (e.g., Apple Keychain Manager) manages to display
> the plaintext of stored passwords, I'd like to know, because it makes me
> nervous :)
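
The master-key arrangement described in the message above, as an added example that is not part of the original thread and is not DPAPI's actual algorithm or storage format. It is a simplified model: PBKDF2 and an HMAC-based wrap stand in for whatever Windows uses, and all names, passwords and the iteration count are constructed for illustration.

```python
import hashlib, hmac, os

ITERATIONS = 100_000  # constructed value for this model

def _kek(password: str, salt: bytes) -> bytes:
    """Derive the key-encryption key from the user's password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def wrap(master_key: bytes, password: str) -> dict:
    """Encrypt a 32-byte master key under a password-derived key."""
    if len(master_key) != 32:
        raise ValueError("model only wraps 32-byte master keys")
    salt = os.urandom(16)  # fresh salt per wrap, so each pad is used once
    kek = _kek(password, salt)
    pad = hmac.new(kek, b"enc", hashlib.sha256).digest()
    ct = bytes(a ^ b for a, b in zip(master_key, pad))
    tag = hmac.new(kek, b"mac" + ct, hashlib.sha256).digest()
    return {"salt": salt, "ct": ct, "tag": tag}

def unwrap(blob: dict, password: str) -> bytes:
    """Recover the master key; fails unless the wrapping password is given."""
    kek = _kek(password, blob["salt"])
    tag = hmac.new(kek, b"mac" + blob["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(tag, blob["tag"]):
        raise ValueError("wrong password: master key stays encrypted")
    pad = hmac.new(kek, b"enc", hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(blob["ct"], pad))

def change_password(blob: dict, old: str, new: str) -> dict:
    """Normal change: the old password is known, so the key is re-wrapped."""
    return wrap(unwrap(blob, old), new)

def demo() -> dict:
    master = os.urandom(32)              # per-user random master key
    profile = wrap(master, "old-pass")   # what sits in the user's profile
    results = {"logon_ok": unwrap(profile, "old-pass") == master}
    changed = change_password(profile, "old-pass", "new-pass")
    results["after_change_ok"] = unwrap(changed, "new-pass") == master
    # Forced reset: the account password becomes "reset-pass" without the old
    # one being supplied, so the profile blob is still wrapped under "old-pass".
    try:
        unwrap(profile, "reset-pass")
        results["after_reset_ok"] = True
    except ValueError:
        results["after_reset_ok"] = False
    return results

if __name__ == "__main__":
    print(demo())
```

The failed unwrap after the forced reset is the recovery problem the message refers to; the model deliberately contains no recovery path.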