Re: PGP scripting...

From: lsi (stuartat_private)
Date: Tue Jan 07 2003 - 16:38:42 PST

    I have spent many hours attempting to figure out how to get my webserver logfile downloaded (or, website 
    updates uploaded) via FTP automatically, without having to leave my password floating around on my 
    machine somewhere.
    
    I don't think it's possible.
    
    My best theory to date is to embed an encrypted password in sourcecode (please don't shoot me).  The 
    prog must decrypt before use.  Requires encryption of pw prior to compilation.  Requires decryption 
    algorithm in code.  If the system was compromised the attacker would still need to reverse the decryption.
    
    The prog would not be vulnerable to NOP-style cracking (binary patching of executable to skip instructions) 
    as the pw does actually need to be decrypted.  But a disassembler would have the algorithm in plain sight 
    soon enough.
    
    In a scripted environment the decryption algorithm and encrypted password would be plainly visible (at 
    best, they might be obfuscated in some way).
    
    I considered holding the password in memory somehow (reboots require pw re-entry), but decided that 
    wasn't too private either.
    
    If embedded passwords are the only option, perhaps they should expire frequently (requiring re-encryption, 
    compilation, distribution and installation of executable, plus pw reset on the other end).  These processes 
    could be mostly automated, however.
    
    Expiring encrypted embedded passwords plus other techniques such as IDS, ADS, physical barriers 
    (locked doors etc) and good old security by obscurity might mitigate the risk (to the point where in 
    practicality, you're secure).  But I can't think of a way to avoid storing the pw on the box somewhere.
    
    Cheers for now,
    Stuart
    
    On 7 Jan 2003 at 12:53, Ed Carp wrote:
    
    Date sent:      	Tue, 7 Jan 2003 12:53:59 -0600 (CST)
    From:           	Ed Carp <ercat_private>
    Send reply to:  	Ed Carp <ercat_private>
    To:             	Andrew MacKenzie <edespot.com!andy@adsl-61-76-31.pns.bellsouth.net>
    Copies to:      	securityfocus.com!secprog@adsl-61-76-31.pns.bellsouth.net
    Subject:        	Re: PGP scripting...
    
    > On Tue, 7 Jan 2003, Andrew MacKenzie wrote:
    > 
    > > My question therefore is: is all this worth the trouble?  In order to use
    > > PGP with scripts (or even Java code), the scripts need access to both the
    > > private key and pass phrase (which are stored locally in files).  If the
    > > system were compromised would any of this help?  Is there a better way I
    > > could do this than what I am already doing?  This is somewhat academic for
    > > me at this point, as my client is inflexible on this point and code has
    > > been written, but I'd be interested in hearing your opinions on this
    > > subject.
    > 
    > Be extremely careful when using PGP with any scripting language, 
    > especially when dealing with the private key.  Almost all scripting 
    > languages were not designed with security in mind and therefore do a lousy 
    > job of it.  If the system were compromised as root, then the attacker has 
    > the keys to the kingdom, so to speak.
    > 
    > I worked on a project once for a large security concern.  One way we 
    > came up with to do decryption is to copy the encrypted file via UUCP (the 
    > computers were connected via serial port) to the decryption server, which 
    > would decrypt the message, then send it back via UUCP.  Our exposure was 
    > only for the decrypted message, but the keys couldn't be compromised 
    > nearly as easily.  The server where the encrypted file resided was of 
    > necessity exposed to the rest of the company, while the server where the 
    > public and private keys were was on the other machine.  Using UUCP enabled 
    > us to very tightly control the interaction between the two machines, 
    > without having the risk associated with networking the two machines 
    > together.
    > 
    > Hope this helps.
    
    
    -- 
    Stuart Udall
    stuartat_private - http://www.cyberdelix.net/
    ..revolution through evolution
    
    want to make some cash? check out http://cyberdelix.net/affiliates.htm
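
The split Ed Carp describes in the quoted reply (an exposed host that only ever holds ciphertext, and a separate decryption host reached over a tightly controlled link), sketched as an added example that is not part of the original thread. A forked process and a pipe stand in for the second machine and the UUCP link, a toy HMAC-based cipher stands in for PGP, and every name here is an assumption.

```python
import hashlib, hmac, os
from multiprocessing import get_context
MAX_MSG = 4096  # assumed cap on request size over the narrow channel

def _stream(key, nonce, n):
    # Toy HMAC-SHA256 counter keystream standing in for PGP; not for real use.
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, msg):  # remote sender's step; constructed stand-in for PGP encryption
    nonce = os.urandom(16)
    body = bytes(a ^ b for a, b in zip(msg, _stream(key, nonce, len(msg))))
    return nonce + hmac.new(key, nonce + body, hashlib.sha256).digest() + body

def decryption_server(conn, key):
    # Own process; the only operation offered is "decrypt this blob", no key export.
    while True:
        try:
            blob = conn.recv_bytes()
        except EOFError:
            return
        nonce, tag, body = blob[:16], blob[16:48], blob[48:]
        good = hmac.new(key, nonce + body, hashlib.sha256).digest()
        if len(blob) > MAX_MSG or len(blob) < 48 or not hmac.compare_digest(tag, good):
            conn.send_bytes(b"E")  # reject oversized, truncated or tampered input
        else:
            plain = bytes(a ^ b for a, b in zip(body, _stream(key, nonce, len(body))))
            conn.send_bytes(b"P" + plain)

def start_server(key):
    ctx = get_context("fork")  # POSIX only
    front, back = ctx.Pipe()
    ctx.Process(target=decryption_server, args=(back, key), daemon=True).start()
    back.close()  # the exposed side keeps one pipe end and nothing else
    return front

def request_decrypt(front, blob):
    # Everything the exposed host can do: submit a blob, read the answer.
    front.send_bytes(blob)
    reply = front.recv_bytes()
    return reply[1:] if reply[:1] == b"P" else None

def demo():
    key = os.urandom(32)  # provisioning shortcut: really only the key host holds this
    front = start_server(key)
    blob = seal(key, b"order #1: constructed sample")
    tampered = blob[:-1] + bytes([blob[-1] ^ 1])
    return request_decrypt(front, blob), request_decrypt(front, tampered)
```

As in the reply, a compromise of the exposed side still yields each decrypted message that passes through it, but not the key itself.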
    



    This archive was generated by hypermail 2b30 : Tue Jan 07 2003 - 16:53:57 PST