Couldn't the data file be encrypted?
Hi Matt,
If "I" (as another local user on a machine you're using) can read
this location, "I" can also read your documents, cookies, browser
history, etc.
Every modern, mainstream OS from Windows 2000 onwards has some
semblance of filesystem security; this is a much more sensible place
to start if you don't want others reading your files. Not allowing
"ANYONE" (I believe that's what windows calls the group) to read your
firefox profile would solve your problem, in a non-hacky, non-messy
way.
Regards,
Shaun
If someone can do this, you lose, no matter what. If somebody can get
local access to a machine, they can install key loggers and get all
your passwords. They can record all the data going in and out. If the
machine you're sitting as is insecure, it's game over. Whether you use
Gears or not.
I'm not saying there's nothing we can do here. I think there may be
some interesting options. But anything we do is going to have pretty
rough usability tradeoffs, and its not a simple "just encrypt the
database file!" type of thing.
- a
I think there's a bit of a false dichotomy being presented here. It's
don't think it's a case of being 100% secure or not bothering at all.
Most hacks don't escape the "sandbox" they're running in, or at least
don't get very far out of it. Root escalation is fairly rare, and I'd
hazard a guess that more laptops get physically stolen than root
hacks.
We could protect the database data by encrypting it against a user
supplied password. That would make it much less likely to be
compromised. At the moment all it takes is for the browser sandbox to
be escaped (e.g the current Flash flaw) and to POST the standard
location your mail is kept in to a remote site. Yes, you could still
figure out the password, hash or whatever used to encrypt it, but
we're going from a program a 12 year old could write to something
vastly more complex.
John.
2008/5/29 Brad Garcia <bga...@google.com>:
* User types password.
* Hash the password (e.g SHA-256 generates 256 bits).
* Generate some random data (e.g 256 bits).
* Encrypt the random data with the hashed password (XOR will do, no joke).
* Use the encrypted random data as the (256 bit) key for the database.
Accessing data would go like this:
* User types password, SHA-256 hashed to 256 bits.
* XOR with the key.
* Use the XOR'd key to access the database.
Then changing the password would involve:
* Enter old password, SHA-256 hash.
* Enter new password, SHA-256 hash.
* XOR the hashes.
* Use the result to XOR the 256 bit key. Save.
* The key can now only be used with the new password.
Basically another layer of indirection for the encryption key. I'm no
crypto expert, this probably has tons of related-key holes in it, it
needs salting, and a pinch of salt :)
As for loss of data - this isn't that big an issue for web
applications that sync offline:
* User loses password.
* Opts to reset database.
* Application syncs the entire database from remote again.
If the data only ever lives locally... it's a big problem.
I'm still wondering if it's possible to build a system where you only
need a single password for both online and offline access. That would
make the user experience uniform. I know there's a lot of fundamental
issues single password, but it still nags me that it might just be
possible.
John.
2008/5/30 John Leach <john....@syger.com>:
There is another tricky issue here. Most users choose weak passwords.
A server can rate-limit any brute force dictionary attacks. But with
client-side encryption, the dictionary attack takes just a second.
And even worse, now the attacker has your online password. (Most
users will use the same offline and online passwords.)
* The database is encrypted with a randomly chosen 256 bit key.
* The key is stored in the database, encrypted by a password.
* To access the database contents, you need to decrypt the key, which
needs the password.
* To change your password without losing access to the database, you
just need to decrypt the key with the old password, then re-encrypt
with the new one.
The user's password never gets stored as plain text anywhere (except
during entry), and the access key is just 256 bits of junk only useful
to that database.
John.
2008/5/30 John Leach <john....@syger.com>:
>