Re: if I encrypt key data why do I want or need SSL?

Hello Rob,

If an attacker compromises your system somehow and gets your strong named
assembly, he can simply decompile it. A strong name doesn't protect an
assembly from being decompiled at all.

You talk about passwords with a length of 40 characters - how are they used?
Are those passwords stored somewhere? (Surely they will - there are very few
people who will remember a 40 char password which meets some complexity
requirements). How are they transferred over the wire?

You say that you are transmitting all sensitive data in an encrypted form -
what encryption do you use? Symetric? Asymetric? If you are using the first,
you must exchange the keys securely - and store them securely. If you are
using asymetric encryption, you are rebuilding https...

Talking about Slammer... yes there might be a patch - but you don't know for
sure if there is another, yet undiscovered hole. Undiscovered by the
public... And if the attacker gains access to the SQL Server, he *might* be
able to get access to your strong named assembly. And after he decompiled
the assembly he will find the secret encryption key.

The encryption key itself - are you using one for all the encryption stuff?
How often do you change it? It looks to me like a single point of failure.

Regards,
Henning Krause

"Rob R. Ainscough" <robains@xxxxxxxxxxx> wrote in message
news:Oqt$gTrUGHA.5808@xxxxxxxxxxxxxxxxxxxxxxx
How would they put junk data into my system? Are you assuming they've
been able to hack in via an account? Unless ADO.NET 2.0 has some
fundamental security flaws when communicating to a SQL server? I could
encrypt the entire message also, all that SSL does for me is provide
encrypted access to external sources beyond the control of my security.

Slammer real world impact has been relatively low threat (which has been
countered via a patch a long time ago) -- in fact, it will provide zero
benefit in my situation (even if the SQL server is not patched) -- gaining
Windows Service security context (sends 376 bytes to UDP port 1434 for
buffer overflow) means nothing to the way my security is established --
the only way they can obtain any value is if they were able to locate my
strong name DLL responsible for all security aspects, assuming they could
get into the DLL and somehow decompile it (without the public/private key
pair) they would then have to discover where in the DLL the call is to get
the encrypted key and then also have to realize that key needs to be
unencrypted.

In fact, the way my security is enforced has minimal reliance on the OS or
the SQL server -- about all a hacker could do is delete or change data and
that is assuming they have found a flaw in the OS/Service (i.e.
lammer) -- data changes will soon be rejected by my applications as they
will not validate and be rejected as bogus data.

Can you provide details of how you might attack a strongly named assembly?
Opening the file in binary will not be terribly helpful and you can't
decompile it to any useful context, so please explain?

Web Services use the same approach, none of my web service will do
anything if they don't get a valid encrypted key as a parameter to all and
any method made available by the service and any sensitive data passed to
from a web service is always encrypted.

Rob

"Andy" <ajj3085@xxxxxxxxxxxx> wrote in message
news:1143573820.754223.139480@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
It sounds like it would still be possible for an attacker to put junk
data into your system. Take your encrypted value, and replace it with
another encrypted value. SSL would prevent this kind of tampering,
since the whole message is signed, not just individual fields.

Leaving port 1433 open to the internet has caused problems in the past;
perhaps you heard of the slammer worm?

Even with a strongly named assembly you are still open to some kinds of
attacks.

Finally you may need to communicate data with a web service at some
point, and I doubt you'd want to provide your key to the 3rd party.





.

Relevant Pages

  • Re: if I encrypt key data why do I want or need SSL?
    ... that it's hard to get security right - even for an security ... he can simply decompile it. ... If you are using asymetric encryption, ... The encryption key itself - are you using one for all the encryption ...
    (microsoft.public.dotnet.security)
  • Vulnerability in encrypted loop device for linux
    ... An attacker is able to modify the content of the encrypted device ... considered a aim of the encryption mode, so most modes (e.g. ECB, CFB, ... As we need to authenticate the device across mounts and not while it is ... It slows down mount operations but they are ...
    (Bugtraq)
  • [UNIX] Vulnerability in Encrypted Loop Device for Linux
    ... Encrypting a disk device aims to protect against an off-line attacker who ... The encryption mode used by encrypted loop device is CBC. ... We propose 2 types of fixes: one that authenticate at mount time (see ...
    (Securiteam)
  • Re: Question about rsync
    ... The most important aspect of security is improving your weakest links - when you are at the stage that the easiest methodof attack is physical, or personal, then your job as IT security is pretty much done. ... It makes sense to take easy steps to increase security if you can - an attacker might not have the same opinion about the easiest methodof attack as you. ... but it contains information about an algorithm aimed precisely at transferring only those parts of a file that have changed. ... So unless you are doing a backup of a nuclear missile design, encryption on an rsync backup will only make a realistic difference if your network topology is such that the traffic is accessible by more people. ...
    (comp.os.linux.networking)
  • Re: Signatures and encryption headers
    ... breached when an attacker can modify the message received? ... But I see how the lack of authentication can cause the receiver to act ... not for the iv or other encryption ... A create a payload, S signs it with public key crypto (most likely ...
    (sci.crypt)