If you absolutely have to (++)store the secret and the means of revealing the secret on the same machine, you might want to consider Trusted Computing, where the key is sealed inside a special chip (TPM) and the application has to attest itself (measure its state at various stages to prove that it has not been tampered with) to obtain the key back from the TPM.

The problem is that the trust chain has to wind from as far as the BIOS and bootloader (otherwise the attackers will tamper with things you're not attesting [1]) and that it's somewhat hard to define a state of your application which is both reproducible and proves the absence of tampering. If the former fails, you won't get the correct key even if no attack has happened. If the latter fails, the attackers will find something that's not measured and coerce the application to give up the key. Others have provided lots of examples of state of Perl applications (PERL5LIB, all of %INC, LD_PRELOAD and other dynamic library hacks...) you would have to find and make reproducible if you go down this road. Despite the difficulties, TPM has its uses, for example, in BitLocker, where Windows is able to skip some checks and get the partition encryption key automatically most of the time, but has to ask the user for a password if the TPM reports that some boot settings do not match their checksums.

Given the requirement of OS and hardware support and the amount of work to ensure state reproducibility, I wouldn't do this myself but perhaps for you it's a more viable option. Instead, I would separate the ciphertext and the encryption key and make it relatively easy for the user to give the key to the app on startup, while also preventing the part of memory from being written out to swap or core dump (some libraries provide abstractions for that). Yes, that means that my app would have to keep running and require user interaction on each restart.

[1] A working example of that is KonBoot, which boots before Windows, modifies its parts in RAM and hands the control back to the boot loader. The modifications make it possible to log in as administrator without knowing the original credentials.

In reply to Re: Hide DBI password in scripts by aitap
in thread Hide DBI password in scripts by danielgr
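
The alternative recommended in the post above (key supplied at startup, key memory kept out of swap and core dumps), as an added example that is not part of the original post or thread. It is written in C because the controls are operating-system calls; `KEY_MAX` and the function names are assumptions made for this illustration.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <sys/mman.h>
#include <sys/resource.h>
#include <unistd.h>
#define KEY_MAX 4096 /* assumed size: one page on most systems */
/* Forbid core dumps so a crash cannot write the key to disk. */
int disable_core_dumps(void) {
    struct rlimit rl = {0, 0};
    return setrlimit(RLIMIT_CORE, &rl);
}

/* Map a page for the key; *locked is 0 if mlock() fails and it may be swapped. */
char *key_alloc(int *locked) {
    void *p = mmap(NULL, KEY_MAX, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return NULL;
    *locked = (mlock(p, KEY_MAX) == 0);
    return p;
}

/* Read one line with read(2) so no stdio buffer holds a copy; -1 on error. */
int key_read(int fd, char *key) {
    size_t n = 0;
    for (; n < KEY_MAX - 1; n++) {
        ssize_t r = read(fd, key + n, 1);
        if (r < 0) return -1;
        if (r == 0 || key[n] == '\n') break;
    }
    key[n] = '\0';
    return (int)n;
}

/* Overwrite through a volatile pointer so the compiler cannot drop the wipe. */
void key_wipe(char *key) {
    volatile char *v = key;
    for (size_t i = 0; i < KEY_MAX; i++) v[i] = 0;
}

int main(void) {
    int locked = 0;
    char *key = disable_core_dumps() == 0 ? key_alloc(&locked) : NULL;
    if (!key) return 1;
    if (!locked) fprintf(stderr, "warning: key page may be swapped out\n");
    int len = key_read(STDIN_FILENO, key); /* key typed or piped at startup */
    /* ... hand key to the decryption routine here ... */
    key_wipe(key);
    munmap(key, KEY_MAX); /* unmapping also releases the lock */
    return len > 0 ? 0 : 1;
}
```

Terminal echo handling is left out; when the key is typed interactively, echo would normally be switched off before the read.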
