Re: How do I store secrets?

From: Michael Giagnocavo [MVP] (mggUNSPAM_at_atrevido.net)
Date: 07/06/04


Date: Tue, 6 Jul 2004 00:43:32 -0400

It's even easier than that :D. No matter how you store the key, the usercode
needs to use it and pass it off to the encryption algorithm. Unless you
embed the algorithm completely in your code, it's trivial to intercept the
crypto API call and get the key from that point.

My advice: Redesign the app to not depend on YOUR code signing it. It's a
fundamental design problem.

You could try to move your code to a dedicated, tamper-proof hardware box.
However, all this does is increase the intelligence/time/budget needed to
attack. The Xbox's encrypted ROMs were successfully attacked by a smart guy
from MIT -- and I don't think it took him that long either. And after the
attack is developed, it's easy to repeat it on other client installations,
effectively making your app completely untrusted.

The safest way to rely on this bad design is to not protect anything
worthwhile. If you are using this for: military applications, voting
machines, business, medical records access, or anything to do with money in
amounts larger than $100, forget it. If you're protecting access to your
collection of 4 CDs and 2 DVDs, it might ok.

-mike
MVP

"Chris Clark" <ChrisClark@discussions.microsoft.com> wrote in message
news:F598B216-C16F-4002-BD75-B8CFED02CC1A@microsoft.com...
> Don't forget that plain text is viewable in the compiled assembly. So even
> after you compile your source, possibly even using obfuscation, a plain
> text password or key or connection string is viewable by opeing your dll
> in notepad.
>
> "Eugene Mayevski [SecureBlackbox]" wrote:
>
>> Danny van Kasteel wrote:
>>
>> > Don't get me wrong, I'm with you on that. That is why I need to be as
>> > close as possible to knowing that my code signed a piece of data.
>> > The only ways to break the security in the scenario I suggested (i.e.
>> > using an embedded signing key) seem to be: a) compromising the
>> > signing key (by obtaining source code for example); b) replacing the
>> > verification key to allow the attacker's key to be accepted;
>>
>> Why don't you consider extracting the key from your code and using it
>> for signing the results of other code?
>> This is the easiest way to hack the scheme.
>>
>> Maybe I just don't understand you needs, however...
>>
>> --
>> Eugene Mayevski
>> EldoS Corp., CTO
>> Networking and security solutions, development and consulting services
>> http://www.eldos.com
>>
>>



Relevant Pages

  • Re: (newbie) rsa ciphertext and plaintext
    ... A good encryption algorithm generates a cipher text that ... yields no information about the plain text. ... you should not be able to tell from the cipher text whether the ... Jeff ...
    (sci.crypt)
  • Re: (newbie) rsa ciphertext and plaintext
    ... > A good encryption algorithm generates a cipher text ... > yields no information about the plain text. ...
    (sci.crypt)
  • Re: Specific encryption
    ... what is the encryption algorithm operating on? ... would prevent this attack. ... > similar ciphertexts you should solve it by using a unique IV for each ... > This example is not valid for CTR mode. ...
    (sci.crypt)
  • Re: Compressing an encrypted file with winzip!
    ... > aXoneX wrote: ... >> Hmmm well if the encryption algorithm were available to all including ... Very simply because they are plain better securitywise. ... measure the worth of a cypher, then you would not be able to tell ...
    (sci.crypt)
  • Re: Specific encryption
    ... what is the encryption algorithm operating on? ... Strings? ... > would prevent this attack. ...
    (sci.crypt)