| Subject | Re: Re : [Firebird-Architect] Database Password |
|---|---|
| Author | Alexandre Benson Smith |
| Post date | 2008-10-14T21:17:29Z |
Roman Rokytskyy wrote:
The physical security to the server is a must, I am talking when this
security is broken.
it was about all the versions. For the embedded engine your approach to
check the binaries integrity inside the application is the only possible
solution, and make it harder to the attacker disassembly or patch the
place where the signature is stored and/or checked. We must not forget
that in most cases the "security" check is something like:
if SHA('fbembed.dll') = '1234567890ABCDEF' then
OpenDatabase('mydatabase.fdb', My_Encryption_Key)
else
ShowMessage('Hey you forged the engine I will not tell you my
password !')
And is bypassed with a single byte patch (change JNE to JE or a JNZ to
JZ) in a few minutes.
--
Alexandre Benson Smith
Development
THOR Software e Comercial Ltda
Santo Andre - Sao Paulo - Brazil
www.thorsoftware.com.br
>> I don't think the key should be passed by the client, the client shouldWhen the volume is mounted anyone could copy it.
>> have no idea that the database is encrypted. It's a server task only.
>>
>> Taking into account that the engine executable could be compromised, I
>> think that this is up to the server administrator to verify the FB
>> binaries before provide any password, comparing it to some signatures
>> stored in a safe place (a USB stick is enough to hold a tiny application
>> that compares to the expected SHA signatures). Any kind of built in
>> protection could be easily bypassed by someone with a custom FB build.
>>
>
> If we talk about the server, I think there is definitely easier solution
> with encryption than the one you propose - put the database file on the
> encrypted file system (like TrueCrypt) and tell the server admin to
> prevent anybody except Firebird process to access it.
>
The physical security to the server is a must, I am talking when this
security is broken.
> But so far the discussion was about the embedded engine - the softwareI didn't realize that the discussion was about embedded engine... For me
> is distributed with the fbembed.dll and database.fdb, no control over
> who has access to the files. And this approach does not work - it is
> always possible to forge a version of Firebird that will dump the keys.
>
it was about all the versions. For the embedded engine your approach to
check the binaries integrity inside the application is the only possible
solution, and make it harder to the attacker disassembly or patch the
place where the signature is stored and/or checked. We must not forget
that in most cases the "security" check is something like:
if SHA('fbembed.dll') = '1234567890ABCDEF' then
OpenDatabase('mydatabase.fdb', My_Encryption_Key)
else
ShowMessage('Hey you forged the engine I will not tell you my
password !')
And is bypassed with a single byte patch (change JNE to JE or a JNZ to
JZ) in a few minutes.
> Romansee you !
>
--
Alexandre Benson Smith
Development
THOR Software e Comercial Ltda
Santo Andre - Sao Paulo - Brazil
www.thorsoftware.com.br