
Re: Storing credentials in a cross-platform binary file?

by missingthepoint (Friar)
on Sep 12, 2008 at 03:06 UTC


in reply to Storing credentials in a cross-platform binary file?

I'd recommend encrypting the whole file for the security benefit. If you encrypt individual parts of the file separately, you make it easier to break the encryption. Of course, this may not be an issue, depending on your definition of 'easily recoverable'.

If the whole file is encrypted then it's indeed binary, and not likely to be fiddled with.

If you do encrypt the whole file, you may have issues using SQLite. I could be wrong, but I think SQLite requires a disk file to operate on. If you decrypt an encrypted SQLite database file and write a temporary plaintext version to disk, you render all the encryption pointless.

With all that in mind, I think the best solution is what moritz suggested: use YAML or Storable and encrypt the whole file.


email: perl -e 'print reverse map { chr( ord($_)-1 ) } split //, "\x0bufo/hojsfufqAofc";'
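
The approach recommended in the post above (serialize with Storable, encrypt the whole file, keep the plaintext in memory only), as an added example that is not part of the original thread. It assumes the CPAN distribution CryptX is installed; the file layout, the `CRED1` tag, the PBKDF2 iteration count and the sample credentials are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Storable qw(nfreeze thaw);          # core module; nfreeze output is byte-order portable
use Crypt::PRNG qw(random_bytes);       # the three Crypt:: modules ship with CryptX
use Crypt::KeyDerivation qw(pbkdf2);
use Crypt::AuthEnc::GCM qw(gcm_encrypt_authenticate gcm_decrypt_verify);

my $MAGIC = 'CRED1';    # constructed 5-byte file tag, also bound in as associated data
my $ITER  = 200_000;    # assumed PBKDF2 work factor; tune for your hardware

# File layout (constructed): MAGIC(5) | salt(16) | iv(12) | tag(16) | ciphertext
sub save_credentials {
    my ($path, $passphrase, $data) = @_;
    my $salt = random_bytes(16);        # fresh salt and IV on every write
    my $iv   = random_bytes(12);
    my $key  = pbkdf2($passphrase, $salt, $ITER, 'SHA256', 32);
    my ($ct, $tag) =
        gcm_encrypt_authenticate('AES', $key, $iv, $MAGIC, nfreeze($data));
    open my $fh, '>:raw', $path or die "open $path: $!";
    print {$fh} $MAGIC, $salt, $iv, $tag, $ct;
    close $fh or die "close $path: $!";
    return 1;
}

sub load_credentials {
    my ($path, $passphrase) = @_;
    open my $fh, '<:raw', $path or die "open $path: $!";
    my $blob = do { local $/; <$fh> } // '';
    close $fh;
    die "not a credential file\n"
        unless length($blob) >= 49 && substr($blob, 0, 5) eq $MAGIC;
    my ($salt, $iv, $tag, $ct) = unpack 'x5 a16 a12 a16 a*', $blob;
    my $key   = pbkdf2($passphrase, $salt, $ITER, 'SHA256', 32);
    my $plain = gcm_decrypt_verify('AES', $key, $iv, $MAGIC, $ct, $tag);
    die "wrong passphrase or file was modified\n" unless defined $plain;
    return thaw($plain);    # thaw runs only on data whose tag verified
}

# Demo with constructed values: round trip, then a wrong passphrase.
my $file = 'creds.bin';
save_credentials($file, 'correct horse', { user => 'alice', pass => 's3cret' });
print load_credentials($file, 'correct horse')->{user}, "\n";
print eval { load_credentials($file, 'wrong'); 1 } ? "opened\n" : "rejected: $@";
unlink $file;
```

Decryption happens entirely in memory, so no plaintext temporary file is written, and because GCM authenticates the whole blob, a file that has been edited fails verification before Storable ever parses it.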

Replies are listed 'Best First'.
Re^2: Storing credentials in a cross-platform binary file?
by tilly (Archbishop) on Sep 12, 2008 at 03:46 UTC
    There are standard encryption mechanisms that are so good as to be effectively unbreakable. As Bruce Schneier says, attempting to improve these systems by improving the encryption is like trying to extend the wall in the path from 2 km high to 5 km high while hoping that attackers won't just walk off the path and go around the wall.

      By 'breaking the encryption' I meant 'going around the wall', that is, rendering the encryption ineffective. I know, taken literally 'breaking the encryption' means finding/exploiting a flaw in the actual algorithm, but I was speaking idiomatically - think 'arrays of arrays' in Perl.

      Incidentally, and in agreement with you, tilly: I can't remember the source, but I recall someone from the NSA being quoted as saying: "We don't need to break DES, because the implementations are so poor". For lots of cases, you can probably s/DES/modern cipher/.


      email: perl -e 'print reverse map { chr( ord($_)-1 ) } split //, "\x0bufo/hojsfufqAofc";'
        I see no way in which encrypting the whole file makes the encryption any harder to break than using the same algorithm to encrypt a piece of data that you put into a file.
