[<prev] [next>] [day] [month] [year] [list]
Message-ID: <200303142251.h2EMpJZt031185@www.harkless.org>
Date: Fri, 14 Mar 2003 14:51:19 -0800
From: Dan Harkless <bugtraq@...kless.org>
To: bugtraq@...urityfocus.com
Subject: Re: Obfuscating sensitive data? (was: response to tax software not encrypting tax info)
Andreas Beck <becka@...atec.de> writes:
> 2) If 1) cannot be done for some reason, use _strong_ encryption to
> _encrypt_ the data. XORing them with "wrdlbrmft" will just make an
> attacker laugh, assuming he is just a bit smarter than a piece of wood.
> Never just obfuscate the passwords by using a generic key. Even if
> the app picks one individual key at installation time, it has to be
> stored somewhere and when you can retrieve the file, chances are, that
> you can as well retrieve the stored key.
A more important argument against the application picking a random key at
installation time is that if it gets lost (e.g. due to disk or registry
corruption), the user's data is gone (which could have serious results in
cases such as tax programs).
Any secret required to decrypt the data should be supplied by the user so
that they can take whatever steps are appropriate to make sure it doesn't
get lost.
> IMHIO obfuscating data serves only one purpose: Not giving away Information
> to someone _briefly_ _viewing_ over the file. That's o.k. to keep the
> sysadmin from the temptation to hit a user that picks a weak or offensive
> password with a wet haddock. It's as well o.k. to guard a password against
> a coworker that happened to look over your shoulder when you opened the
> wrong file. But it is NOT o.k., if an attacker can retrieve the file and
> play around with it all day.
Obfuscation should never be encouraged over encryption, but obfuscation is
certainly better than nothing (cleartext). Your comparison ignores the fact
that the vast majority of people stumbling across someone's tax return on a
file sharing network would have neither the inclination nor the ability to
write or find software capable of de-obfuscation.
Naturally true encryption is greatly desired just in case a true attacker
_is_ out there, but obfuscation will certainly protect against that 99.x% of
the population that _could_ download your tax return if they wanted to, but
won't (or won't figure out how to get the obfuscated info out of it if they
do).
--
Dan Harkless
bugtraq@...kless.org
http://harkless.org/dan/
Powered by blists - more mailing lists