I have been designing a system with some super careful cryptographic needs and decided that having the console app administrator type in a sensitive cryptographic password when the app calls for it might be the way to go in my use case.
I was reading that we do not want to store this password (cryptographic key) as a string because it remains immutable in memory and could be found by an attacker via a memory dump. I read that such keys should be a Buffer instead and should immediately be cleared after they are used by invoking bufferVal.fill(0).
However, I have not come across in my study any example of keyboard text going straight into a Buffer. The best I can tell, everything I have found is intermediate strings, which I am trying to avoid.
If someone could help me find a mechanism for a NodeJS console keyboard input going straight to a Buffer instead of a string, that would be great!
See point number 5 in this answer if you are interested in what brought my concern.
Related
My embedded linux gets its data files from an external source (sd card). As this media is easily detachable I'd like to protect it in a certain way.
First idea that comes in mind is to do encryption. I'm afraid though this would take too much processing power. My files are not deeply sensitive, but I don't want that people can put the card into their desktop and see/copy my files. I assume these people know how to mount a standard ext4 drive.
Content is initially loaded on to the disk via a desktop linux box, so the process should be
I wouldn't care too much if the solution is not hack-proof. Basically I want to avoid to have my content copied by the general copycat.
I'm not looking for a turn-key solution, but like to get some pointers into the right direction.
A simple XOR Cipher requires very little processing. The security is limited in the sense that if someone has a both the encrypted and plain-text data, by XOR'ing the two the encryption key is revealed. However so long as you can avoid someone being knowingly in possession of both, and the key itself remains confidential, it may meet your requirements of simplicity and security.
Obviously you need a longer key that the simple 8 bit one in the example in the link. The key itself can be arbitrarily long with no impact on performance.
Does windows clipboard store copied Strings locally, or, as with files, does it only deal with pointers?
If it does, is it possible to modify the clipboard to make a logfile of all Strings that are routed through it?
I would imagine this could be a dangerous tool against people who hide high entropy passwords somewhere deep in their system (maybe encrypted) and then just copy paste them where needed.
It's certainly possible -- there are plenty of commercial keyloggers (this one, for example) that can log text copied to the clipboard.
You're absolutely right that this is a security risk.
Yes, it looks like you can actually log everything that goes through the clipboard with the AddClipboardFormatListener API call: relevant SO question here. Simply pass the handle of your window in as the only parameter. The SetClipboardViewer function will also work for older versions of Windows.
This is certainly a security risk.
This Microsoft forum suggests that the clipboard is stored entirely in memory, and this part of MSDN talks about receiving a global memory handle on the clipboard.
I saw allot of companies offering exe wrappers , but is there any in pdf side security programmatically ?
Well, you can encrypt the PDF. You can also use custom encryption handler and thus make your file unreadable with stock Acrobat or Reader (one will need to install your decryption plugin to Acrobat or Reader to make them understand your encryption). The problem is acrobat's DRM SDK (the one that allow you create encryption plugins) once had enormous cost (smth. like $25K to start). I don't know if this is still the case, though.
Another not-so-bad option is render everything to graphics - this makes text copying harder (though one can print everything and OCR it back).
The short answer is no. When you give someone the ciphertext, key, and cipher they will always be able to reproduce the plaintext. DRM fails universally for just this reason.
The long answer is that you can sometimes try little gimmicky tricks to prevent copying in some circumstances which may "work" if your audience doesn't try breaking it, but not in the general case. You can't really call something secure which is "safe as long as nobody tries to break it".
The PDF format itself has an "owner password" which allows the author to disallow readers from printing the document, modifying it, etc... Of course there's not actually any mechanism for preventing anyone from doing so. If you are trying to prevent the guys in the marketing department from printing it off or something, then maybe. But if you're releasing it out into the Internet, just assume that it can and will be copied however users see fit.
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 12 years ago.
Improve this question
Can the contents of the clipboard be encrypted?
For example, say that to circumvent keyloggers, users copy and paste passwords from an encrypted file, but now the password lives unencrypted in the clipboard. Is there a way to prevent this behavior without breaking copy/paste, or running some script function that scrambles the clipboard information.
If you need to supply the unencrypted password to a textfield in order to sign in, then nothing you do before that step can stop malicious users from reading the contents of that textbox. Since there needs to be a point in time where that plaintext string is sent to the textbox.
I think if you have a keylogger you have more important problems than encrypting passwords
To answer your question: It should be possible, but you'd need to dig quite deep into the Windows API for that.
To catch COPY events and encrypt the contents, you could use SetClipboardViewer to get notified of changed to the clipboard. Here is an example on how to do this with C#.
To catch PASTE events and decrypt the contents, you might need to globally hook to WM_PASTE messages.
As a side note: Once a keylogger/trojan/etc. managed to run on your system, it is no longer your system. Encrypting the clipboard or similar techniques don't protect your system, they might just raise the bar for the malware developer to get the information he wants (see Jean-Bernard's answer). Preventing evil code from running on your system in the first place is a much better approach.
If the clipboard information is persisted to the drive then whole disk encryption would do the trick (it sounds like that's the kind of stuff you want to do already anyway based on the question).
But encrypting what's in RAM isn't really an option. At some point the OS and applications read that memory and need to know what to do with it. It has to be unencrypted somewhere in the active hardware of the machine in order to be used.
You could certainly encrypt the data, copy it to the clipboard, and then in another instance of your app, paste it, decrypt it. But this is only useful if the source/destination agree on the encryption. i.e. written by the same guy. In that case, you'd be better off NOT using the clipboard, and setting up some sort of private data channel instead.
So while you can do it, it's not practical.
You could do that by encrypting your data for your application before the copy, but it really depends on the language you would use.
And decrypt on the paste, but again on your application. You can't do that for all your system; it would mean modifications on your OS...
I'm writing an application which implements copy-and-paste: therefore I use a system API to read data from the clipboard.
If I can't read unencrypted data then copy-and-paste is broken, but if I can then so could any other installed program (including a keylogger).
If someone has privileges to install a keylogger that has clipboard access, he most likely has privileges to get the decryption key of the clipboard as well. Cryptography is not a substitute for access control.
In our business, we require to log every request/response which coming to our server.
At this time being, we are using xml as standard implementation.
Log files are used if we need to debug/trace some error.
I am kind of curious if we switch to protocol buffers, since it is binary, what will be the best way to log request/response to file?
For example:
FileOutputStream output = new FileOutputStream("\\files\log.txt");
request.build().writeTo(outout);
For anyone who has used protocol buffers in your application, how do you log your request/response, just in case we need it for debugging purpose?
TL;DR: write debugging logs in text, write long-term logs in binary.
There are at least two ways you can do this logging (and maybe, in fact, you should do both):
Writing your logs in text format. This is good for debugging and quickly checking for problems with your eyes.
Writing your logs in binary format - this will make future analysis much quicker since you can load the data using same protocol buffers code and do all kinds of things on them.
Quite honestly, this is more or less the way this is done at the place this technology came from.
We use the ShortDebugString() method on the C++ object to write down a human-readable version of all incoming and outgoing messages to a text-file. ShortDebugString() returns a one-line version of the same string returned by the toString() method in Java. Not sure how easy it is to accomplish the same thing in Java.
If you have competing needs for logging and performance then I suppose you could dump your binary data to the file as-is, with perhaps each record preceded by a tag containing a timestamp and a length value so you'll know where this particular bit of data ends. But I hasten to admit this is very ugly. You will need to write a utility to read and analyze this file, and will be helpless without that utility.
A more reasonable solution would be to dump your binary data in text form. I'm thinking of "lines" of text, again starting with whatever tagging information you find relevant, followed by some length information in decimal or hex, followed by as many hex bytes as needed to dump your buffer - thus you could end up with some fairly long lines. But since the file is line structured, you can use text-oriented tools (an editor in the simplest case) to work with it. Hex dumping essentially means you are using two bytes in the log to represent one byte of data (plus a bit of overhead). Heh, disk space is cheap these days.
If those binary buffers have a fairly consistent structure, you could even break out and label fields (or something like that) so your data becomes a little more human readable and, more importantly, better searchable. Of course it's up to you how much effort you want to sink into making your log records look pretty; but the time spent here may well pay off a little later in analysis.
If you've non-ASCII character strings in your messages, simply logging them by using implicit or explicit call to toString would escape the characters.
"오늘은 무슨 요일입니까?" becomes "\354\230\244\353\212\230\354\235\200 \353\254\264\354\212\250 \354\232\224\354\235\274\354\236\205\353\213\210\352\271\214?"
If you want to retain the non-ASCII characters, use TextFormat.printer().escapingNonAscii(false).printToString(message).
See this answer for more details.