On 8/30/06, Cliff Cyphers <cdc / cyphers.dns2go.com> wrote:
> What do you do in the situation where the key is in a store protected by
> a passphrase?  And one's application needs to run in the background and
> can't accept user input.  Aren't you still in the same position? Need a
> way to hide the key/passphrase.

It depends on several factors:
- what are your target criteria for security
  - what attack do you want to prevent by encryption - i.e. up to what
    level of reverse engineering (looking at Ruby sources, debugging
    executable code, ...)
  - what access the attacker has to the machine and/or to the code
  - etc.
then:
- it's hard to keep the password on a computer that the attacker has
  access to. From that point, it's just a matter of which of you is
  willing to put in more effort.

possible solutions:
- ask for the password when the thing starts, and keep it in memory;
- use a closed C module to do the encryption/decryption (and try to
  prevent the attacker from running the module) with memory locking,
  permissions etc.
- use a hardware crypto device (aka smartcard; you can pull it off the
  system, and you can assume the keys in it are safe, and it is not
  duplicable)
- forget session keys asap
- make key exchanges unrepeatable
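
The first option above (ask once at startup, then keep only the unlocked key in memory), sketched as an added example that is not part of the original post. `UnlockedKey`, `constructed_encrypted_pem` and the `StringIO` standing in for the operator's terminal are assumptions made for illustration.

```ruby
require "openssl"
require "stringio"

DIGEST = "SHA256"

# Constructed sample input: a throwaway RSA key stored as passphrase-protected PEM.
def constructed_encrypted_pem(passphrase)
  key = OpenSSL::PKey::RSA.new(2048)
  key.to_pem(OpenSSL::Cipher.new("aes-256-cbc"), passphrase)
end

# Unlocks the key once at startup and keeps only the unlocked key in memory.
class UnlockedKey
  # passphrase_io: where the operator types the passphrase. For a real
  # service this would be the terminal with echo off (io/console), read
  # before detaching with Process.daemon; a StringIO stands in here.
  def initialize(encrypted_pem, passphrase_io)
    line = passphrase_io.gets.to_s
    line.chomp!
    # Always pass a String: with nil, OpenSSL may prompt on the tty itself.
    @key = OpenSSL::PKey::RSA.new(encrypted_pem, line)
  ensure
    # Best effort only: Ruby may hold other copies of the passphrase bytes.
    line.bytesize.times { |i| line.setbyte(i, 0) } if line
  end

  def sign(data)
    @key.sign(OpenSSL::Digest.new(DIGEST), data)
  end

  def valid_signature?(signature, data)
    @key.verify(OpenSSL::Digest.new(DIGEST), signature, data)
  end

  # Keep key material out of logs and exception messages.
  def inspect
    "#<UnlockedKey>"
  end
end
```

The passphrase never touches disk or the process environment, but the unlocked key still lives in process memory, which is the residual exposure the post's other options (C module with memory locking, smartcard) address.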