GC and security

Paul Rubin
Thu Aug 31 14:01:29 EDT 2006


Les Schaffer <schaffer at optonline.net> writes:
> keys are on a USB drive key ring. gpg accesses the key ring as needed,
> but in a separate process. and gpg is done with its work early on in our
> app lifetime. comes back at end to encrypt and then app is done.

gpg is fairly careful about passphrases.  Why are you collecting the
passphrase in the Python app instead of letting gpg handle it?

> > Keep in mind that the weakest part of this application is likely to be
> > the passphrase itself.  Is there a way to get rid of it?
> 
> we got some suggestions from other parts of this thread. or do you mean
> getting rid of the need for a passphrase? the passphrase protects the
> private key on the USB drive.

Yes, I mean get rid of the need for a passphrase, though since the
encrypted key is accessible on the USB drive, there's no way around
it.  With smart cards it's generally considered ok to use a short PIN
instead of a passphrase; the card itself enforces a maximum # of
incorrect guesses.

> > Is this data on a laptop?  Why do you want to do encryption in the
> > application, instead of using an encrypted file system?  ...
>
> but the main reason? we were asked to encrypt the MySQL tables carrying
> sensitive information.

Does using an encrypted FS not take care of that?  Also, I think there
are some FS's that use the Windows Crypto API (CAPI) either for bulk
encryption or for key management, so you can use secure passphrases,
hardware tokens, or whatever.

> USB drive holds the GPG key. the drive must be inserted at start of
> application, and must be pulled after authentication otherwise the app
> warns and shuts down. The USB drive carries a digital signature, and
> also encrypted identifying information for the user.

This is better than nothing but it's very easy to duplicate a USB key,
either intentionally or by spilling the contents through a routine
backup procedure, etc.  A crypto token (USB dongle or smart card) is
way preferable for this type of thing.  GPG has smart card support
that you might be able to use:

  http://www.g10code.com/p-card.html
  http://www.gnupg.org/(en)/howtos/card-howto/en/smartcard-howto-single.html

You might want to discuss this on sci.crypt, where specialists hang
out.  As is fairly typical in these situations, it would help a lot if
you could describe the application in more detail.


