Encrypting a string value

Kent Borg kentborg at borg.org
Fri Oct 16 20:27:01 UTC 2009


Ray Parrish asked about encryption...

Encryption is cool stuff, but it is limited. A little like locksmithing:
the coolest lock isn't any good if it is installed wrong, put in a weak
door, installed next to an open window, if the key is hanging on a
little hook next to the door, if the backdoor is open, if the side wall
of the house is simply not there, if the nice lady next door has a key
and will let in anyone who asks nicely, etc.

When deploying encryption there are a host of analogous mistakes that
can make it useless, and because this is computers, there are a lot of
ways to make mistakes and not realize it (it is hard to even be sure the
"side wall of the house" is present with computers). It is not
impossible to get it right, but it can be hard.

If you are doing anything truly sensitive, design cleanly, be very
careful and methodical, document your code, worry about security in
terms of the larger system (understand the larger system), carefully
understand components like GPG that you might be deploying, double check
your work. Write a separate security analysis of your own code, figure
out what your own weakest spots are.

And then have someone else check your design and code--carefully. Ask
him/er to find any bugs, to find any weak spots, and to write an
independent security analysis. Make sure your checker really is being
skeptical and his/er security analysis is at least as probing as your own.

If you are doing something simple this need not be a ton of extra work,
but it can make the difference between whether your encryption actually
does anything or not.


However, if what you are doing is not sensitive, then unless you enjoy
the intellectual exercise don't worry about such fancy reviews--but
without careful review you also must assume that you have done something
stupid in your programming that renders the encryption useless.


-kb, the Kent who has a ton of opinions about security, and none of them
deal with managing MS Windows machines because that is a lost cause.



P.S. Here is another way of looking at it: It is easy to program bugs.
If a bug makes a feature not work maybe it gets discovered and maybe it
gets fixed. If, on the other hand, the bug makes for a security hole
there is usually only one way to find it: by analysis (and maybe some
very clever testing). If the security is important you can arrange to
have this analysis done by someone on your side who will tell you what
to fix, or you can wait until maybe a bad guy does the analysis. (Or,
keep your fingers crossed and pray.)