Re: How to secure a MySQL database from people with physical access

2003-05-29 Thread Michael T. Babcock
On Tue, May 27, 2003 at 03:43:14PM -0500, mos wrote:
> Correct, which is why I have a means of compressing and *encrypting* the 
> .exe file. I can also lock it to the person's machine (or server) so it 
> won't fall into the wrong hands.

All such methods have been broken.

If they weren't, the major software companies would all be using them to
prevent cracking ... remember that the EXE has to decrypt itself.

Usually it contains an obfuscated series of jumps that decrypt its image
in memory while at the same time changing word offsets within the image
so the decompile looks wrong from within a debugger.

A couple anti-tracing measures and it makes it pretty hard to reverse-
engineer, but people still do it.

> Other databases that use encryption will decrypt the information when a row 
> is accessed, so there is no unencrypted data lying on the hard drive. It is 
> extremely fast and I don't notice a speed difference between encrypted and 

If I were going to trust anything to be secure, it would involve data that was
encrypted to the public keys of the users who deserve access *before* being
sent to the database for storage.  This of course prevents the use of indexing.

Anything else has the problems others have mentioned.
-- 
Michael T. Babcock
CTO, FibreSpeed Ltd. (Hosting, Security, Consultation, Database, etc)
http://www.fibrespeed.net/~mbabcock/




RE: How to secure a MySQL database from people with physical access

2003-05-27 Thread mos
At 11:36 AM 5/27/2003, you wrote:


> > -Original Message-
> > From: mos [mailto:[EMAIL PROTECTED]
> > I could encrypt certain table fields, but this will make
> > writing the front
> > end a pain because all SQL statements will now need to be
> > changed any time
> > a new column is encrypted.
> It also won't help you any, because the software will have to contain
> everything needed to do the decryption.  Unless you can somehow prevent a
> hypothetical attacker from getting this software, your encryption is only
> going to keep a casual attacker out.  All he has to do is decompile the
> software enough to figure out your encryption routine.

Correct, which is why I have a means of compressing and *encrypting* the 
.exe file. I can also lock it to the person's machine (or server) so it 
won't fall into the wrong hands.

> Generally there's very little you can do to protect data from someone with
> physical access to the machine -- unless you can keep it in encrypted form,
> and only decrypt it elsewhere, so that the decryption key never passes
> through the vulnerable machine.

Other databases that use encryption will decrypt the information when a row 
is accessed, so there is no unencrypted data lying on the hard drive. It is 
extremely fast and I don't notice a speed difference between encrypted and 
unencrypted files. Indexes and blobs are encrypted. Anyone trying to access 
the data outside of my application will see only gibberish. Anyone trying 
to decompile my application will see only gibberish and it would take a 
great deal of effort to crack it.

MySQL relies on OS security and that can be easily circumvented, at least 
on a Windows box. I'm sure there are some good hacks for Linux as well. And 
putting sensitive data on a shared MySQL ISP site gives me shivers. Even 
a dedicated MySQL box has its problems if it is located at an ISP outside 
of my control. Working with MySQL after working with encrypted databases is 
a lot like living in a house with no doors and windows. You pretty much 
have to trust everyone in your neighborhood.

Mike



--
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe:http://lists.mysql.com/[EMAIL PROTECTED]


RE: How to secure a MySQL database from people with physical access

2003-05-27 Thread mos
At 02:22 PM 5/27/2003, you wrote:


> > -Original Message-
> > From: mos [mailto:[EMAIL PROTECTED]
> > Correct, which is why I have a means of compressing and
> > *encrypting* the .exe file.
> I don't understand how this helps...  The EXE file has to contain a complete
> decryption routine or it can't be executed.  So all the person has to do is
> decompile the decryption routine, and then run the reverse-engineered
> routine against the program.  Alternatively, they can use a debugger and put
> a breakpoint in at the end of the decryption routine.
> This sort of stuff does help against a casual attacker, but you always have
> to keep in mind that you aren't really making the software secure, just
> raising the energy barrier.  It's a bit like the door locks on your car.
> They'll keep curious people out, but a determined thief will just break a
> window.

The software encryption resists attacks like that. It may not be 100% 
effective, but it will make it a tough nut to crack.

Yes, I am raising the bar. Most people know how to copy files onto 
diskettes, or email them to a friend.

Not that many know how to hack an encrypted program or an encrypted 
database. So if I eliminate 99.9% of the attackers, I've eliminated a large 
portion of the threat. Over 50% of computer break-ins are done by internal 
employees,  and by securing the software and database it will greatly 
reduce the number of successful attacks.

> It's a bit like the door locks on your car.
> They'll keep curious people out, but a determined thief will just break a
> window.

Exactly. Do you lock your car when it is on the street? Why? If you're 
right, someone will only break the window and drive off with it anyway. So 
leave it unlocked and the keys in it. That way the thief won't rip out the 
ignition or break a window. After all, he's going to get in anyway, right?

Well, the more barriers there are for the thief (or snoop) to overcome, the 
more likely he will go somewhere else.

Mike

P.S. Where'd you say you parked your car? :)





RE: How to secure a MySQL database from people with physical access

2003-05-27 Thread David Brodbeck


> -Original Message-
> From: mos [mailto:[EMAIL PROTECTED]

> I could encrypt certain table fields, but this will make 
> writing the front 
> end a pain because all SQL statements will now need to be 
> changed any time 
> a new column is encrypted.

It also won't help you any, because the software will have to contain
everything needed to do the decryption.  Unless you can somehow prevent a
hypothetical attacker from getting this software, your encryption is only
going to keep a casual attacker out.  All he has to do is decompile the
software enough to figure out your encryption routine.

Generally there's very little you can do to protect data from someone with
physical access to the machine -- unless you can keep it in encrypted form,
and only decrypt it elsewhere, so that the decryption key never passes
through the vulnerable machine.
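
Added example, not part of the original thread: the scheme raised in Michael T. Babcock's message (encrypt to the authorised users' public keys before the data is sent to the database, at the cost of indexing) and in David Brodbeck's message above (decrypt only elsewhere, so the key never passes through the database machine). The function names, the `alice` reader and the sample value are constructed, and direct RSA-OAEP is an assumed choice that only suits short fields.

```go
package main

import (
	"bytes"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// NewKey makes a reader's key pair; it is generated and kept on that reader's machine.
func NewKey() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// SealField runs on the client before the INSERT: one ciphertext per reader, bound to the reader's name by the OAEP label.
// Direct RSA-OAEP caps the field at 190 bytes for a 2048-bit key with SHA-256.
func SealField(plain []byte, readers map[string]*rsa.PublicKey) (map[string][]byte, error) {
	out := make(map[string][]byte, len(readers))
	for name, pub := range readers {
		ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, plain, []byte(name))
		if err != nil {
			return nil, err
		}
		out[name] = ct
	}
	return out, nil
}

// OpenField runs where the private key lives; the database host never needs it.
func OpenField(row map[string][]byte, name string, priv *rsa.PrivateKey) ([]byte, error) {
	ct, ok := row[name]
	if !ok {
		return nil, fmt.Errorf("field was not encrypted for %q", name)
	}
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ct, []byte(name))
}

func main() {
	alice, err := NewKey() // constructed demo reader
	if err != nil {
		panic(err)
	}
	readers := map[string]*rsa.PublicKey{"alice": &alice.PublicKey}
	r1, _ := SealField([]byte("salary=52000"), readers) // a failed seal leaves the row nil,
	r2, _ := SealField([]byte("salary=52000"), readers) // which OpenField reports below
	pt, err := OpenField(r1, "alice", alice)
	fmt.Printf("alice reads %q (err=%v)\n", pt, err)
	fmt.Println("same plaintext stored as identical bytes (indexable)?", bytes.Equal(r1["alice"], r2["alice"]))
}
```

The second line printed is `false`: OAEP padding is randomised, so the server cannot match or sort the stored values, which is the indexing cost the thread mentions.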
