On 05/28, Shawn said something like:

> On 05/28, David T-G said something like:
> > % sort of secure form in memory (encrypted or something).
> >
> > Now that's an interesting one... Suppose someone feeds this script a
> > password or a credit card number or such (that is, something manageable,
> > even if only for me since perl could suck the OED into $oed and not
> > care :-) and you want to work with it. When you get it you have to
> > process it somehow. When you get the data, it will probably be in
> > plaintext (a form field over an https connection, say) and you get to
> > encrypt it from there. That I can follow, but:
> >
> > 1) Can the suggested "secure form in memory" help you at that early stage,
> > when it arrives in plaintext?
> >
> > 2) How do you then work with it when it's sitting encrypted in memory (in
> > order to, say, hand it off to your merchant account processor for billing)
> > without thereby having it in plaintext (either in memory or somewhere else)?
>
> Well, if the merchant has his own cipher key, it can all be encrypted
> with the owner's cipher key. That make sense?
>
> This protects the data from customer to customer, and there is no need
> at all for plaintext if wherever the data goes understands ciphers.

Now, I'm not sure if this addresses your question. Basically, I just mean to say there's no need to expose the most critically private info to cleartext variables for the duration of a program's runtime.

Also, examine the codepath for any duration there will be sensitive cleartext in memory, minimize it, check all input, watch for races, etc.

Also, no harm in having a password-protected cipher key in memory to decrypt the data, as long as it's done right. This can be just as dangerous as plaintext if done wrong.

Remember, a script probably does not need to "see" everything itself.

In any case, the "script" will know how to decrypt the data, it will have a key, and the password for the key for some of its runtime, and it can be discovered by a third party if access to the program's memory is gained, it's a fact of life. This just makes it harder.

Any wipe, cipher, obfuscate, gonkulate scheme is only as strong as its weakest link. I just try to make things as blind to sensitive data as I can, which is dictated by the functionality demanded.

--
Shawn Leas
[EMAIL PROTECTED]

I used to work in a fire hydrant factory. You couldn't park anywhere near
the place.
    -- Stephen Wright
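
One way to apply the advice above about keeping sensitive cleartext in memory for as short a time as possible, added here as an illustration and not code from anyone in the thread. It is written in Python rather than the Perl under discussion; `cleartext_window`, `masked_pan`, `process_payment` and the `send` callback are hypothetical names, and the card number used with it is a constructed test value.

```python
import hashlib
import hmac
from contextlib import contextmanager


@contextmanager
def cleartext_window(secret: bytearray):
    """Yield the secret for one narrow scope, then overwrite it in place.

    Best effort only: the runtime may hold other copies (for example the
    immutable str/bytes the value first arrived in), and anyone able to
    read process memory during the window still sees the cleartext.
    """
    try:
        yield secret
    finally:
        # Runs on normal exit and on exceptions, so a failed hand-off
        # does not leave the card number behind in this buffer.
        for i in range(len(secret)):
            secret[i] = 0


def masked_pan(pan: bytearray) -> str:
    """Non-sensitive form for logs and receipts: last four digits only."""
    return "*" * (len(pan) - 4) + pan[-4:].decode("ascii")


def process_payment(pan_buf: bytearray, mac_key: bytes, send) -> dict:
    """Hand the card number to `send` once and keep only derived values.

    `send` stands in for the hand-off to the payment processor
    (hypothetical); it receives the mutable buffer itself so that no
    extra immutable copy is created on this side.
    """
    with cleartext_window(pan_buf) as pan:
        receipt = {
            "masked": masked_pan(pan),
            # Keyed fingerprint: later code can match a returning card
            # without ever holding the number again.
            "fingerprint": hmac.new(mac_key, pan, hashlib.sha256).hexdigest(),
        }
        send(pan)
    return receipt
```

The rest of the program works from the returned receipt, which is the "blind to sensitive data" arrangement described in the message; the wipe covers only this buffer, not copies made earlier in the request path.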