From: Peter Lind on
On 12 August 2010 09:48, Adam Richardson <simpleshot(a)gmail.com> wrote:
> On Wed, Aug 11, 2010 at 6:50 PM, tedd <tedd(a)sperling.com> wrote:

*snip*

>
>   1. MD5 - Use of this old algorithm to produce your keys limits your key
>   space due to collisions AND the fact that 3DES accepts keys longer than the
>   128 bit output MD5 produces.  Additionally, only 64 bits of the MD5 digest
>   are utilized in the 3DES initialization vector.

Good point about the key based on md5. Whether or not the key would be
too short depends upon how md5() was used though - if the default was
used, the key would be long enough (32 char string) but even weaker -
keyspace of 16^24 vs. 128^16.

Regards
Peter

--
<hype>
WWW: http://plphp.dk / http://plind.dk
LinkedIn: http://www.linkedin.com/in/plind
BeWelcome/Couchsurfing: Fake51
Twitter: http://twitter.com/kafe15
</hype>
From: tedd on
At 8:09 PM -0400 8/11/10, Bastien Koert wrote:
>From my experience, I'd have to say that it would be a real tough go
>to crack that. If there was a weak point in the scheme is that your
>end result pattern ( the ssn ) is defined with a pair of constants,
>the hyphens. In our scheme we remove the dashes and just provide a
>mask for display. We also keep a unique key with each ssn, the record
>number for extra security.

The SS numbers can be stored in any format (with/without hyphens,
reversed, transposed, predetermined mixing, whatever).

Of course, there can be another field where a unique key is kept, but
I'm not sure how that might improve security.

>Where to keep it is tougher, OWASP suggests that the keys be stored on
>another non web facing server, with a locked down filesystem. That
>would be best if you have the hardware available.

So that I understand, you are talking about two web sites where one
(domain1.com) would contain/run the scripts and the other
(domain2.com) contained the keys.

It would work like so:

When the script launches in domain1.com, the script would ask (after
authorization) domain2.com for the keys, which are kept in a locked
directory. After which the Encryption/Decryption scheme would work.

Is that it?

>One other option here is to load the keys into ram on server start
>up and never have
>them physically on the machine.

I'm not sure as to how to make that work. But I assume that it
requires a dedicated server, right?

Cheers,

tedd

--
-------
http://sperling.com/
From: tedd on
At 3:48 AM -0400 8/12/10, Adam Richardson wrote:
-- snip excellent points --

>Of note, SS#'s are a special piece of data, not only because of their power,
>but because of their lifetime (normally as long as the individual lives.)
> This is very different from a credit card which gets updated every 5 years
>or so, and is easily changed if needed. You have to ask yourself if the
>encryption/security scheme can be counted on to protect this data many years
>from now.

Agreed and understood.

>In summary, I wouldn't use this scheme for storing SS#'s in a large DB, as
>it would keep me awake at night. If the DB was ever compromised, I would
>NOT HAVE CONFIDENCE IN THE ENCRYPTION'S ABILITY TO PROTECT THE SS#'s. The
>probabilities are just to poor when compared to other, better
>algorithms/schemes available.

What do you recommend? Do you have code/reference?

>However, if this is just a "Tedd" special for storing a few SS#'s on your
>home computer/network, I wouldn't worry too much because 1) it's your SS#,
>not mine, and more importantly 2) such a small set of SS#'s wouldn't be
>analyzed because it wouldn't merit the processing power/time (unless you get
>really, really rich really really quick ;)


:-)

This isn't a "Tedd's" special for storing my SS#'s on my own
computer, but rather an honest attempt to better understand and
implement a prudent Encryption/Decryption scheme.

Not that you said otherwise, but I am capable of understanding how
these things work. My problem is that I am not current on what
practice is best. It seems to me that things change so fast that when
you become to rely on one solution, it goes out of date and is
replaced with something else.

Cheers,

tedd

--
-------
http://sperling.com/
From: "Bob McConnell" on
From: tedd

> At 8:09 PM -0400 8/11/10, Bastien Koert wrote:
>>From my experience, I'd have to say that it would be a real tough go
>>to crack that. If there was a weak point in the scheme is that your
>>end result pattern ( the ssn ) is defined with a pair of constants,
>>the hyphens. In our scheme we remove the dashes and just provide a
>>mask for display. We also keep a unique key with each ssn, the record
>>number for extra security.
>
> The SS numbers can be stored in any format (with/without hyphens,
> reversed, transposed, predetermined mixing, whatever).
>
> Of course, there can be another field where a unique key is kept, but
> I'm not sure how that might improve security.
>
>>Where to keep it is tougher, OWASP suggests that the keys be stored on
>>another non web facing server, with a locked down filesystem. That
>>would be best if you have the hardware available.
>
> So that I understand, you are talking about two web sites where one
> (domain1.com) would contain/run the scripts and the other
> (domain2.com) contained the keys.
>
> It would work like so:
>
> When the script launches in domain1.com, the script would ask (after
> authorization) domain2.com for the keys, which are kept in a locked
> directory. After which the Encryption/Decryption scheme would work.
>
> Is that it?
>
>>One other option here is to load the keys into ram on server start
>>up and never have
>>them physically on the machine.
>
> I'm not sure as to how to make that work. But I assume that it
> requires a dedicated server, right?

If I might make a suggestion or two.

1. Put all of the data on a separate DB server that is not accessible
from the Internet, but only through authorized access to the web server.
The data should still be encrypted, but at least you can eliminated
brute force attacks. Even though the data is necessary for your client's
business, it is still privileged information as far as his targets and
the government are concerned. Treat it accordingly.

2. Spend some time reading all of the OWASP[1] guidelines and implement
as many of them as you feasibly can. That might cost some time (and
money) but will be better for your client in the long run. He reduces
both his exposure and liability while still being able to use that data.

3. Spend some time reading the PCI requirements in your country and try
to implement as many of those as possible. But keep in mind that they
exist solely to protect the credit card issuers. You need to figure out
how far you need to go in order to protect your client.

Bob McConnell

[1] <http://www.owasp.org/index.php/Main_Page>
From: Bastien Koert on
On Thu, Aug 12, 2010 at 10:00 AM, tedd <tedd(a)sperling.com> wrote:
> At 8:09 PM -0400 8/11/10, Bastien Koert wrote:
>>
>> From my experience, I'd have to say that it would be a real tough go
>> to crack that. If there was a weak point in the scheme is that your
>> end result pattern ( the ssn ) is defined with a pair of constants,
>> the hyphens. In our scheme we remove the dashes and just provide a
>> mask for display. We also keep a unique key with each ssn, the record
>> number for extra security.
>
> The SS numbers can be stored in any format (with/without hyphens, reversed,
> transposed, predetermined mixing, whatever).
>
> Of course, there can be another field where a unique key is kept, but I'm
> not sure how that might improve security.

Just adds another layer to it.

>
>> Where to keep it is tougher, OWASP suggests that the keys be stored on
>> another non web facing server, with a locked down filesystem. That
>> would be best if you have the hardware available.
>
> So that I understand, you are talking about two web sites where one
> (domain1.com) would contain/run the scripts and the other (domain2.com)
> contained the keys.
>
> It would work like so:
>
> When the script launches in domain1.com, the script would ask (after
> authorization) domain2.com for the keys, which are kept in a locked
> directory. After which the Encryption/Decryption scheme would work.
>
> Is that it?

correct

>
>> One other option here is to load the keys into ram on server start up and
>> never have
>> them physically on the machine.
>
> I'm not sure as to how to make that work. But I assume that it requires a
> dedicated server, right?

Yes, you would need a non web facing machine

>
> Cheers,
>
> tedd
>
> --
> -------
> http://sperling.com/
>



--

Bastien

Cat, the other other white meat