On Sun, 13 Aug 2017, mikeB wrote: > eGreeetings, > I am starting a project that involves encryption of passwords and user names > - storing and recalling them. > > 1st ? = i noticed Gambas can save and recall files from a ".hidden" > directory. If the files are encrypted before > saving to a hidden dir - how secure is this? In other words would an > experienced coder be able to find and > copy these files? Would this be the secure/ recommended way/ place to store > these files? >
The .hidden directory is a normal directory inside your project directory. As the documentation states [1], it contains files that should not go into the Gambas executable. If you store files in there you will in general NOT have them available when your project executes. And something else that is true for all directories in the your project: you should not suppose that any of them is writable at runtime. You can only use them to supply initial encrypted data that is never altered by the program (if that's a good idea depends on your application). [ The whole truth is: you can still access .hidden at runtime and write to any directory in your project tree IF your project is run from the project directory (you have to use absolute paths from Application.Path then). There is no (sane) way to write to project directories from an executable archive (.gambas file). The .gambas files are archives of your project directory, which the interpreter unpacks in memory. Changing an in-memory directory would have no effect on the actual directory stored inside the archive, so it is forbidden from the start. ] But yes, the interpreter can unpack executable archives, so you should suppose that everyone will be able to figure out how to do it as well (they just have to read the Gambas source code). Your data is not protected whatsoever, except by the encryption you apply. > 2nd ? = shelling out to the "gpg" command line to encrypt / decrypt the > password files be a secure way of > doing this or is there a better way (i.e. writing the encryption code within > the Gambas project)? > I can't tell you if it's secure. First of all because I don't know enough about security, and second because we don't know enough about your situation. I remember hearing that security is not a yes/no question. It depends on where your threat comes from (and if you have identified all threats). E.g. suppose that you call "gpg ..." from your program. I'm an attacker and your program allows me to run it(!) (whether this is the case you didn't say). Then I can just modify the PATH environment variable to supply my own version of "gpg" which logs all the passwords you send to it. To write encryption code in your project, there is gb.openssl. But be warned that you have to know what you're doing. For example there are surprisingly many (at least to me when I first read them) considerations to be done when hashing passwords (have a look at [2]). Commonly used hashes are considered *too fast* to be secure, for instance. The site recommends, among others, scrypt for hashing passwords. OpenSSL seems to support it but gb.openssl apparently does not. I may have to look into that sometime. > 3rd ? = Now a GNU question from a real newbie on this subject. With this > type of program (Protected Passwords) > how in the heck could it be released under GNU? Or should it be? Don't > understand how it could possibly be > "protected" if the source code was available to all? > You mean the GPL. Again, I'm no lawyer, but this shouldn't be a problem, unless you want to ship passwords directly with your source code. Why would you do that? Passwords are (normally) user-supplied data, so let the user deal with them, e.g. by storing them away from your project source code inside a directory in the user's $HOME, or something. Your program should just contain the logic to treat passwords, not their values. The security of modern encryption is not derived from their *algorithm* but from *keys*, additional data that is provided to the algorithm alongside the data to be encrypted and those keys have to be kept secret (and not distributed with source code). This is called Kerckhoff's principle [3]. So, if you're doing it right, your source code should be free of sensitive information. Regards, Tobi [1] http://gambaswiki.org/wiki/doc/project_structure [2] https://crackstation.net/hashing-security.htm [3] https://en.wikipedia.org/wiki/Kerckhoffs%27s_principle -- "There's an old saying: Don't change anything... ever!" -- Mr. Monk ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Gambas-user mailing list Gambas-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/gambas-user