From ngps at POST1.COM Mon Jun 2 18:06:00 2003
From: ngps at POST1.COM (Ng Pheng Siong)
Date: Tue, 3 Jun 2003 00:06:00 +0800
Subject: [PYTHON-CRYPTO] AES in M2Crypto advice
In-Reply-To: <200305311336.38234.jason@oes.co.th>
References: <200305311336.38234.jason@oes.co.th>
Message-ID: <20030602160600.GA572@vista.netmemetic.com>

On Sat, May 31, 2003 at 01:36:31PM +0700, Jason H. Smith wrote:
> First, a quick question, if I may. I did not follow the instructions in
> INSTALL saying to modify distutils. Instead, I simply symlinked swig/ to
> SWIG, and it looks fine. Did I mess anything up?

Hi,

Yes, it's fine. I should do that for my source, too. ;-)

> But mainly, I want to solicit advice for using AES in CBC mode to send an
> entire hard drive image over TCP.

Let's talk a little higher-level:

Content security: encrypting your disk image so that its content is secure
should the encrypted image fall into the wrong hands.

Communication security, a la SSH or SSL: your content is secure while it is
moving across the wire; at the end points the content is in the clear.

Of course, you can transmit secured content, say, a PGP message, over SSH or
SSL.

What are you attempting to do? What are you protecting against? Must you
write a new program to do the low-level crypto? Can you not compose existing
tools to achieve your objectives?

> Thus far, I am basically using this procedure:
> 1) key = md5 hash of a passphrase
> 2) iv = whatever
> 3) create a BIO.MemoryBuffer object
> 4) read a 10MB chunk
> 5) a) create a BIO.CipherStream object
>    b) set_cipher('aes_128_cbc', key, iv, 1)
> 6) encrypt the block, following demo/bio_ciph_test.py
> 7) write the ciphertext
> 8) set new iv = ciphertext[-16:]
> 9) go back to step 4

Some thoughts:

1. There aren't unit tests for BIO.CipherStream, meaning it may be buggy. ;-)

2. I think evp_ciph_test.py has an easier model:

    from M2Crypto import EVP
    import cStringIO

    enc = 1   # EVP.Cipher operation flag: 1 = encrypt, 0 = decrypt

    def cipher_filter(cipher, inf, outf):
        # Stream inf through the cipher into outf; final() flushes the
        # last (padded) block.
        while 1:
            buf = inf.read()
            if not buf:
                break
            outf.write(cipher.update(buf))
        outf.write(cipher.final())
        return outf.getvalue()

    def test_cipher(algo):
        otxt = 'against stupidity the gods themselves contend in vain'
        print 'testing', algo, '...',
        k = EVP.Cipher(algo, 'goethe', '12345678', enc, 1, 'sha1', 'salt', 5)
        pbuf = cStringIO.StringIO(otxt)
        cbuf = cStringIO.StringIO()
        ctxt = cipher_filter(k, pbuf, cbuf)
        pbuf.close()
        cbuf.close()

The function cipher_filter, with variation, is what I use in my own code.
Set up the cipher as in test_cipher. Pass in file objects for inf and outf.
(Remove the last line that says outf.getvalue(). Maybe also remove the
next-to-last line, depending on your calling code.)

But do first consider the high-level issues of what you're doing.

Cheers.

--
Ng Pheng Siong
http://firewall.rulemaker.net -+- Manage Your Firewall Rulebase Changes
http://www.post1.com/home/ngps -+- Open Source Python Crypto & SSL


From jason at OES.CO.TH Mon Jun 2 19:13:17 2003
From: jason at OES.CO.TH (Jason H. Smith)
Date: Tue, 3 Jun 2003 00:13:17 +0700
Subject: [PYTHON-CRYPTO] AES in M2Crypto advice
In-Reply-To: <20030602160600.GA572@vista.netmemetic.com>
References: <200305311336.38234.jason@oes.co.th> <20030602160600.GA572@vista.netmemetic.com>
Message-ID: <200306030013.22666.jason@oes.co.th>

On Monday 02 June 2003 11:06 pm, Ng Pheng Siong wrote:
> Let's talk a little higher-level:
>
> Content security: encrypting your disk image so that its content is
> secure should the encrypted image fall into the wrong hands.
>
> Communication security, a la SSH or SSL: your content is secure while
> it is moving across the wire; at the end points the content is in the
> clear.

To clarify, I can explain the project. I recently posted to the Python
newsgroup, but I will briefly explain here, too.

Basically, I'm writing a Knoppix derivative that uses zeroconf and SLP to
easily do a full backup or restore of e.g. your laptop's hard drive, storing
the image on a network file server. The server part can be implemented fairly
easily by a Unix admin; but it works out of the box with my company's
upcoming file servers.

The problem is, the system administrator, or an intruder, should not have
access to, say, the CEO's laptop image; so there's the encryption
requirement. Also, I want this to be compatible with any SMB (maybe NFS)
file server, so encryption is done on the client machine before it hits the
wire. So, with that requirement, I get on-the-wire encryption for free. And
of course, the image sits on the server protected via AES and an ostensibly
strong passphrase.

(Although a TODO of mine is to use a random encryption key; and once the
backup is made, the file server burns a custom restore CD exactly like the
original except with the key hard-coded into the restore software. This way,
the security is not a matter of good or bad passphrases. Now, it's a matter
of keeping an important CDROM safe, which is much more intuitive to your
average employee.)

> What are you attempting to do? What are you protecting against? Must
> you write a new program to do the low-level crypto? Can you not compose
> existing tools to achieve your objectives?

What do you mean by low-level crypto? This is Python, after all! :p
Hopefully, though, I've clarified above.

Thanks for the implementation advice, as well. I'm relatively new to Python
and GUI programming. So I'm still boggling over the correct approach.

Best.

--
GPG: 03EE 9EB8 E500 874A F509 7B95 9B9A 84A1 26E9 4F79
http://www.ece.utexas.edu/~jhs/public_key.gpg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: signature


From ngps at POST1.COM Thu Jun 5 08:46:05 2003
From: ngps at POST1.COM (Ng Pheng Siong)
Date: Thu, 5 Jun 2003 14:46:05 +0800
Subject: [PYTHON-CRYPTO] AES in M2Crypto advice
In-Reply-To: <200306030013.22666.jason@oes.co.th>
References: <200305311336.38234.jason@oes.co.th> <20030602160600.GA572@vista.netmemetic.com> <200306030013.22666.jason@oes.co.th>
Message-ID: <20030605064605.GB712@vista.netmemetic.com>

On Tue, Jun 03, 2003 at 12:13:17AM +0700, Jason H. Smith wrote:
Content-Description: signed data
> The problem is, the system administrator, or an intruder, should not have
> access to, say, the CEO's laptop image; so there's the encryption
> requirement.

IMHO, it is more important that the thief who steals the CEO's laptop or the
subsequent black market buyer do not get access to the files on it.

Install a crypto filesystem type thingy on the laptop and train the CEO to
use it properly. Then just backup the disk image normally; sensitive stuff
should already be secured by the crypto filesystem.

You can escrow the passphrase with the corporate lawyers or, ahem, a trusted
third party. (Not your $25 SSL cert vendor, fer sure. ;-)

> Thanks for the implementation advice, as well. I'm relatively new to
> Python and GUI programming. So I'm still boggling over the correct
> approach.

Yes, having fun is important too. ;-)

--
Ng Pheng Siong
http://firewall.rulemaker.net -+- Manage Your Firewall Rulebase Changes
http://www.post1.com/home/ngps -+- Open Source Python Crypto & SSL


From jason at OES.CO.TH Thu Jun 5 09:12:02 2003
From: jason at OES.CO.TH (Jason H. Smith)
Date: Thu, 5 Jun 2003 14:12:02 +0700
Subject: [PYTHON-CRYPTO] AES in M2Crypto advice
In-Reply-To: <20030605064605.GB712@vista.netmemetic.com>
References: <200305311336.38234.jason@oes.co.th> <200306030013.22666.jason@oes.co.th> <20030605064605.GB712@vista.netmemetic.com>
Message-ID: <200306051412.06696.jason@oes.co.th>

On Thursday 05 June 2003 01:46 pm, Ng Pheng Siong wrote:
> IMHO, it is more important that the thief who steals the CEO's laptop
> or the subsequent black market buyer do not get access to the files on
> it.
>
> Install a crypto filesystem type thingy on the laptop and train the CEO
> to use it properly. Then just backup the disk image normally; sensitive

Surely. But these days, that might be a tall order. CEOs aren't known for
openly accepting security technology (and its implied inconveniences). So
we'll start small; and when it dawns on him or her that the backups are more
secure than the laptop itself, that's when we make our move!

But joking aside, I think your average corporate executive understands
meatspace security much better. For example, most will implement a good
security system, perhaps with guards. They will lock their office when they
leave, and (presumably) they will never let their laptop out of their sight,
because they know how important it is. But computer security is more
mysterious and confusing, so I think it's harder for some executives to make
a good informed decision (witness IIS deployment statistics).

That's why it's very important for crypto and security in general to be as
user-friendly as possible as the mainstream world becomes dependent on it.
For example, bad passwords are human nature; and I think no amount of
education will solve it. That's why token-based authentication is smarter.
People know not to lend out their credit card or house keys; and so they'll
naturally guard their smart ID card for accessing the financial database or
whatever. Personally, I can't wait for every PC to come with a smart card
reader.

Anyway, that's enough OT for me for one day ;)

--
GPG: 03EE 9EB8 E500 874A F509 7B95 9B9A 84A1 26E9 4F79
http://www.ece.utexas.edu/~jhs/public_key.gpg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: signature


From ngps at POST1.COM Mon Jun 23 20:47:41 2003
From: ngps at POST1.COM (Ng Pheng Siong)
Date: Tue, 24 Jun 2003 02:47:41 +0800
Subject: [PYTHON-CRYPTO] [Announce] M2Crypto 0.11
Message-ID: <20030623184741.GA1536@vista.netmemetic.com>

Hi,

M2Crypto 0.11 is now available.

What's new:

- Fixes to memory leaks. (Thanks Dave Berkeley and Brent Chun.)
- ZServerSSL updated for Zope 2.6.1.
- ZSmime on Zope 2.6.1 interoperates with Mozilla 1.1. (No code change.)

As usual, M2Crypto is here:

    http://www.post1.com/home/ngps/m2

Cheers.

--
Ng Pheng Siong
http://firewall.rulemaker.net -+- Manage Your Firewall Rulebase Changes
http://www.post1.com/home/ngps -+- Open Source Python Crypto & SSL
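Added example, not code from the thread or from M2Crypto: it implements the chunked-CBC procedure from the first message of this thread (encrypt a chunk, write it, carry ciphertext[-16:] forward as the next chunk's IV) and shows that, as long as only the final chunk is padded, the result is byte-for-byte the same as one CBC pass over the whole image, so a restore can decrypt chunk by chunk or all at once. On top of the posted steps 1 and 2 it adds what a practitioner would want before shipping such an image to a server the admin is not trusted with: a salted, iterated KDF instead of a bare md5(passphrase), a random IV, and an HMAC over the stored ciphertext so that a flipped byte in the image is rejected instead of being silently decrypted into a modified block (plain CBC has exactly that malleability). The block cipher is a pure-standard-library stand-in, a four-round Feistel network keyed with HMAC-SHA256, used only so the file runs offline; it is not AES, and in real use you would put AES-128-CBC from M2Crypto or a similar library behind the same block_encrypt/block_decrypt interface. Keys, IV, salt, passphrase and chunk sizes below are made-up test values.

```python
"""Chunked CBC with a carried-over IV, a salted KDF and encrypt-then-MAC."""
import hashlib
import hmac
import io
import os

BLOCK = 16  # block size shared with AES; the stand-in cipher below uses it too


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def _f(key, i, half):
    # Round function of the stand-in cipher: keyed hash of (round index, half block).
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:BLOCK // 2]


def block_encrypt(key, block):
    """One 16-byte block through a 4-round Feistel network (assumption: a
    stand-in for AES with the same block size and interface; NOT AES)."""
    left, right = block[:8], block[8:]
    for i in range(4):
        left, right = right, _xor(left, _f(key, i, right))
    return left + right


def block_decrypt(key, block):
    left, right = block[:8], block[8:]
    for i in reversed(range(4)):
        left, right = _xor(right, _f(key, i, left)), left
    return left + right


def cbc_encrypt(key, iv, data):
    """Raw CBC over whole blocks, no padding: C[i] = E(P[i] xor C[i-1]), C[-1] = iv."""
    out, prev = bytearray(), iv
    for i in range(0, len(data), BLOCK):
        prev = block_encrypt(key, _xor(data[i:i + BLOCK], prev))
        out += prev
    return bytes(out)


def cbc_decrypt(key, iv, data):
    """Inverse of cbc_encrypt. Note: no integrity check, so a flipped byte in
    C[i] flips the same byte in P[i+1] and garbles only P[i]."""
    out, prev = bytearray(), iv
    for i in range(0, len(data), BLOCK):
        blk = data[i:i + BLOCK]
        out += _xor(block_decrypt(key, blk), prev)
        prev = blk
    return bytes(out)


def pad(data):  # PKCS#7
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def unpad(data):
    n = data[-1] if data else 0
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]


def encrypt_stream(key, iv, inf, outf, chunk_size=64):
    """The thread's procedure: read a chunk, CBC-encrypt it with the current IV,
    write it, carry the last ciphertext block forward as the next IV. chunk_size
    must be a multiple of BLOCK and only the final chunk is padded, which makes
    the output identical to one CBC pass over the whole input. Decryption mirrors
    this with iv = the previous chunk's last ciphertext block."""
    assert chunk_size % BLOCK == 0
    buf = inf.read(chunk_size)
    while True:
        nxt = inf.read(chunk_size)
        if not nxt:
            buf = pad(buf)
        ct = cbc_encrypt(key, iv, buf)
        outf.write(ct)
        if not nxt:
            return
        iv, buf = ct[-BLOCK:], nxt


def encrypt_chunked(key, iv, data, chunk_size=64):
    """In-memory wrapper around encrypt_stream."""
    src, dst = io.BytesIO(data), io.BytesIO()
    encrypt_stream(key, iv, src, dst, chunk_size)
    return dst.getvalue()


def derive_keys(passphrase, salt, iterations=100_000):
    """Salted, iterated KDF in place of a bare md5(passphrase); the 32-byte
    result is split into a cipher key and a separate MAC key."""
    km = hashlib.pbkdf2_hmac("sha256", passphrase, salt, iterations, dklen=32)
    return km[:16], km[16:]


def seal(passphrase, plaintext, salt=None, iv=None):
    """Encrypt-then-MAC: salt || iv || CBC ciphertext || HMAC-SHA256 over all three."""
    salt, iv = salt or os.urandom(16), iv or os.urandom(16)
    enc_key, mac_key = derive_keys(passphrase, salt)
    ct = cbc_encrypt(enc_key, iv, pad(plaintext))
    tag = hmac.new(mac_key, salt + iv + ct, hashlib.sha256).digest()
    return salt + iv + ct + tag


def open_sealed(passphrase, blob):
    """Verify the tag (constant-time compare) before decrypting anything."""
    salt, iv, ct, tag = blob[:16], blob[16:32], blob[32:-32], blob[-32:]
    enc_key, mac_key = derive_keys(passphrase, salt)
    expect = hmac.new(mac_key, salt + iv + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expect, tag):
        raise ValueError("authentication failed: image or header tampered")
    return unpad(cbc_decrypt(enc_key, iv, ct))
```

The equivalence encrypt_chunked(key, iv, data, n) == cbc_encrypt(key, iv, pad(data)) holds for any chunk size that is a multiple of 16, which is what lets the backup side stream 10MB chunks while the restore side decrypts however it likes; if each chunk were padded separately (as a fresh EVP cipher with padding enabled would do), the chunks would still decrypt but the stream would no longer be one CBC chain. The MAC is what turns CBC into something safe to store on a server you do not trust: cbc_decrypt alone returns altered plaintext without complaint, open_sealed refuses it.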