Encrypted configuration file?
- From: "mike3" <mike4ty4@xxxxxxxxx>
- Date: 27 Apr 2006 12:04:37 -0700
Hi.
For the ongoing logger project, I was thinking about having the logger
encrypt & authenticate it's configuration file to prevent someone from
tampering with it, and to make the config file harder to detect (ie.
"text in file" searches will be useless). Would this work?
1. For authentication, upon saving out the config, we attach an MAC
generated with a user-supplied password, which also locks the
configuration program. Whenever the configuration program is started
up, it prompts the user for this password, and if it's right, attempts
to verify the MAC. If it fails, it tells the user the configuration
file has been tampered with. Whenever the user saves the configuration
file, it asks for the password. Even though it's entered in at
configurator startup, the program doesn't keep it in memory in order to
make a memory attack more difficult.
2. For obscurity, we encrypt the config with a key stored in another
file somewhere else on the drive, so the logger can read it's config on
boot without having to prompt the user for the password. This key is
randomized to ensure it's not related to the password in any way (and
thus to prevent someone from forging the MAC if they find the file). Of
course, if this file is compromised, the config can be too, but any
changes would still be detected by the MAC. The encryption is just here
to make finding the config harder.
How good is this system, given the purpose of it?
.
- Follow-Ups:
- Re: Encrypted configuration file?
- From: Kristian Gjøsteen
- Re: Encrypted configuration file?
- Prev by Date: Re: Compression leads to encryption NEW COMPRESSION METHOD!
- Next by Date: Re: Compression leads to encryption NEW COMPRESSION METHOD!
- Previous by thread: is it sufficient to solve factoring problem
- Next by thread: Re: Encrypted configuration file?
- Index(es):
Relevant Pages
|
|
