hiding salt with C

C

Cliff Cyphers

Does anybody know of an existing C extension that interfaces with ruby
code for the sole purpose of hiding important encryption info, such as
the SALT? When users write encrypt/decrypt methods it would be nice to
call a C interface to obtain the salt/iv. This way general users would
have a harder chance of cracking the encryption. Using this method
wouldn't about the only way to obtain the sensitive data by reading each
RAM address and try to grab the value while that Ruby method executes
while it's calling the C extension.

If one doesn't exists is this something other users would take advantage
of if one was written?

Look forward to all the suggestions!
 
T

Timothy Goddard

The salt doesn't need to be secret. The whole point of modern
encryption methods is that only the secret keys need be hidden. The
only point of a salt is to ensure that if the same data is hashed by
two different services the result will be different and there is no way
to tell that they came from the same data. You can publicly display it
to the world as long as it is different from that of other services.
 
P

Patrick Hurley

Does anybody know of an existing C extension that interfaces with ruby
code for the sole purpose of hiding important encryption info, such as
the SALT? When users write encrypt/decrypt methods it would be nice to
call a C interface to obtain the salt/iv. This way general users would
have a harder chance of cracking the encryption. Using this method
wouldn't about the only way to obtain the sensitive data by reading each
RAM address and try to grab the value while that Ruby method executes
while it's calling the C extension.

If one doesn't exists is this something other users would take advantage
of if one was written?

Look forward to all the suggestions!
Click to expand...

I would suggest just compressing your salt and using zlib to
decompress -- do the operations in two different places. You only
store the compressed version in your code. You could further hide the
salt by using a bit of some part of your code or other reflective
"stuff" and just using the compressed version as the salt. Wrapping it
in a so will not be much stronger.

pth
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Working with openssl and files 2
C extension with progress bar 3
Why does "function hiding" exists in C++ 3
C extension and Ruby threads 3
Problems sending mail with gmail and SMTP 1
swig, c++, use string 6
Difficulty with name-mangling when extending Ruby with Thrust (C++) 0
installing C + Ruby extensions 3

Members online

No members online now.
Total: 32 (members: 0, guests: 32)
Robots: 233

Forum statistics

Threads
473,763
Messages
2,569,563
Members
45,039
Latest member
CasimiraVa

Latest Threads

Top