Subject Re: [firebird-support] Re: Undocumented internal encrypt/decrypt in FB
Author Geoff Worboys
>>> In my case, I'm not trying to prevent some agency of a
>>> national government from reading my stuff, I'd just like to
>>> make it a little harder for an unscrupulous competitor to
>>> make off with my specialized database unbeknownst to me.
>>> Swapping the security database is trivial and well
>>> documented (moving the stone), but most wouldn't bother with
>>> DLLs and hacking, because the return isn't worth the effort
>>> they'd have to exert and because it's apt to leave tracks
>>> and if they're caught they're guilty of a serious Federal
>>> (US, anyway) crime. Without the "cheap padlock" I'm likely
>>> down to arguing a civil suit about a copyright violation.
>>
>> I have to agree completely with everything you wrote.
>>
>> Pepak
>>
> I would like to add my voice to this view also.

It would be really nice if some simple hooks could be used to
achieve a worthwhile level of deterrent, but it is not likely.

If we are talking about conventional theft then you already
have real locks on the doors to the office. Firebird already
has reasonable security against remote attack. What we have
been discussing is how to protect the database from attack by
those that do have direct access to the server, and so can
copy the database directly if desired - and if that is possible
you have to assume that they can do pretty much anything they
want on the server. The client to which you have supplied the
software is in this position, as is anyone that that client
allows to access the server.

The suggestion is "most wouldn't bother with DLLs and hacking,
because the return isn't worth the effort". How can ANYONE
have such notions given the current world of rootkits, trojans,
drive-by-download-sites, phishing attacks and so on? These
attacks are opportunistic, just hoping to find something
worthwhile. Your database uses an open source product that I can
use to analyse the best places to patch to make encryption by
the hooks useless. Your data must be worth very little indeed
if the small amount of effort involved is not worth the return.

Another argument presented includes: "everyone knows about
replacing the security database". Don't you believe that the
moment it is possible to generically work around the encrypt
hooks that it will also be a case of "everyone knows" (or at
least everyone that wants to steal your data ;-)?

And another one: "it wouldn't be perfect, it would certainly
be something better than the nothing we have now". This is
quite misleading. _IF_ there were significant deterrent effect
then it would be better, but the fact is that it would offer
almost no protection so pretending otherwise is potentially
harmful. (Will you be tempted to use the hooks if they come
with the disclaimer: "any security obtained by using these
hooks is purely coincidental"? :-)

The protection you propose might stop yourself, but that is
not usually the point.


Perhaps the problem is that people have gotten used to all the
snake-oil being sold.
http://www.schneier.com/crypto-gram-9902.html#snakeoil

For years we have had products that stick up a password dialog
or say they use encryption so that we feel secure. Meanwhile
many companies make a fortune by retrieving lost passwords and
documents. Take a look at:
http://www.accessdata.com/catalog/partdetail.aspx?partno=10000
where it says:
"Guaranteed recovery of lost passwords for MS Office 97/2000
products including Word and Excel. Now includes Adobe Acrobat
(PDF) file decryption! DNA puts idle time to work."

I read another article about breaking passwords on documents of
another type; the developer put redundant loops in his code so
that it would not finish so fast - he wanted people to think
the program had to do _some_ work to break it. :-)


However if pretending it is secure will make you feel better...

I am not a FB core developer; you could try to request this on
the development list or put it up on the issue tracker. Check
it is not already there first; I found these two related items:
http://tracker.firebirdsql.org/browse/CORE-657
http://tracker.firebirdsql.org/browse/CORE-848

The first is a serious item hoping to obtain some actual
security, the second I believe has similar aims to yourselves.

If you put a bit of money towards it then you may improve your
chances of getting this bit of delusion added to Firebird.

--
Geoff Worboys
Telesis Computing