hiding salt with C

Discussion in 'Ruby' started by Cliff Cyphers, Aug 26, 2006.

  1. Does anybody know of an existing C extension that interfaces with ruby
    code for the sole purpose of hiding important encryption info, such as
    the SALT? When users write encrypt/decrypt methods it would be nice to
    call a C interface to obtain the salt/iv. This way general users would
    have a harder chance of cracking the encryption. Using this method
    wouldn't about the only way to obtain the sensitive data by reading each
    RAM address and try to grab the value while that Ruby method executes
    while it's calling the C extension.

    If one doesn't exists is this something other users would take advantage
    of if one was written?

    Look forward to all the suggestions!
     
    Cliff Cyphers, Aug 26, 2006
    #1
    1. Advertising

  2. The salt doesn't need to be secret. The whole point of modern
    encryption methods is that only the secret keys need be hidden. The
    only point of a salt is to ensure that if the same data is hashed by
    two different services the result will be different and there is no way
    to tell that they came from the same data. You can publicly display it
    to the world as long as it is different from that of other services.

    Cliff Cyphers wrote:
    > Does anybody know of an existing C extension that interfaces with ruby
    > code for the sole purpose of hiding important encryption info, such as
    > the SALT? When users write encrypt/decrypt methods it would be nice to
    > call a C interface to obtain the salt/iv. This way general users would
    > have a harder chance of cracking the encryption. Using this method
    > wouldn't about the only way to obtain the sensitive data by reading each
    > RAM address and try to grab the value while that Ruby method executes
    > while it's calling the C extension.
    >
    > If one doesn't exists is this something other users would take advantage
    > of if one was written?
    >
    > Look forward to all the suggestions!
     
    Timothy Goddard, Aug 27, 2006
    #2
    1. Advertising

  3. On 8/26/06, Cliff Cyphers <2go.com> wrote:
    > Does anybody know of an existing C extension that interfaces with ruby
    > code for the sole purpose of hiding important encryption info, such as
    > the SALT? When users write encrypt/decrypt methods it would be nice to
    > call a C interface to obtain the salt/iv. This way general users would
    > have a harder chance of cracking the encryption. Using this method
    > wouldn't about the only way to obtain the sensitive data by reading each
    > RAM address and try to grab the value while that Ruby method executes
    > while it's calling the C extension.
    >
    > If one doesn't exists is this something other users would take advantage
    > of if one was written?
    >
    > Look forward to all the suggestions!
    >
    >


    I would suggest just compressing your salt and using zlib to
    decompress -- do the operations in two different places. You only
    store the compressed version in your code. You could further hide the
    salt by using a bit of some part of your code or other reflective
    "stuff" and just using the compressed version as the salt. Wrapping it
    in a so will not be much stronger.

    pth
     
    Patrick Hurley, Aug 27, 2006
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. =?Utf-8?B?U2F0ZWVzaCBLdW1hciBFIEM=?=

    Speech Web Application using SALT

    =?Utf-8?B?U2F0ZWVzaCBLdW1hciBFIEM=?=, Dec 31, 2003, in forum: ASP .Net
    Replies:
    0
    Views:
    375
    =?Utf-8?B?U2F0ZWVzaCBLdW1hciBFIEM=?=
    Dec 31, 2003
  2. =?Utf-8?B?U2F0ZWVzaCBLdW1hciBFIEM=?=

    Speech Apllication using SALT

    =?Utf-8?B?U2F0ZWVzaCBLdW1hciBFIEM=?=, Jan 2, 2004, in forum: ASP .Net
    Replies:
    0
    Views:
    368
    =?Utf-8?B?U2F0ZWVzaCBLdW1hciBFIEM=?=
    Jan 2, 2004
  3. Mark Olbert

    Default AES Salt in ASPNET2 Site

    Mark Olbert, Feb 23, 2006, in forum: ASP .Net
    Replies:
    1
    Views:
    449
    Mark Olbert
    Feb 23, 2006
  4. ClaudiaE
    Replies:
    1
    Views:
    589
    Hans Granqvist
    Dec 3, 2003
  5. Florian Lindner

    Generating salt for crypt

    Florian Lindner, Mar 3, 2004, in forum: Python
    Replies:
    1
    Views:
    419
    Dietrich Epp
    Mar 6, 2004
Loading...

Share This Page