mailing list archives
Re: Obfuscating sensitive data? (was: response to tax software not encrypting tax info)
From: Dan Harkless <bugtraq () harkless org>
Date: Fri, 14 Mar 2003 14:51:19 -0800
Andreas Beck <becka () bedatec de> writes:
2) If 1) cannot be done for some reason, use _strong_ encryption to
_encrypt_ the data. XORing them with "wrdlbrmft" will just make an
attacker laugh, assuming he is just a bit smarter than a piece of wood.
Never just obfuscate the passwords by using a generic key. Even if
the app picks one individual key at installation time, it has to be
stored somewhere and when you can retrieve the file, chances are, that
you can as well retrieve the stored key.
A more important argument against the application picking a random key at
installation time is that if it gets lost (e.g. due to disk or registry
corruption), the user's data is gone (which could have serious results in
cases such as tax programs).
Any secret required to decrypt the data should be supplied by the user so
that they can take whatever steps are appropriate to make sure it doesn't
IMHIO obfuscating data serves only one purpose: Not giving away Information
to someone _briefly_ _viewing_ over the file. That's o.k. to keep the
sysadmin from the temptation to hit a user that picks a weak or offensive
password with a wet haddock. It's as well o.k. to guard a password against
a coworker that happened to look over your shoulder when you opened the
wrong file. But it is NOT o.k., if an attacker can retrieve the file and
play around with it all day.
Obfuscation should never be encouraged over encryption, but obfuscation is
certainly better than nothing (cleartext). Your comparison ignores the fact
that the vast majority of people stumbling across someone's tax return on a
file sharing network would have neither the inclination nor the ability to
write or find software capable of de-obfuscation.
Naturally true encryption is greatly desired just in case a true attacker
_is_ out there, but obfuscation will certainly protect against that 99.x% of
the population that _could_ download your tax return if they wanted to, but
won't (or won't figure out how to get the obfuscated info out of it if they
bugtraq () harkless org