[stunnel-users] Passphrase validation

Fri Jun 24 07:01:49 CEST 2005

That's all well and good for a Unix environment, but what about on Windows?  
No chown or chmod on there!

I believe that it is sometimes useful for the passphrase to be requested by 
Stunnel on startup (on the client side), but you all make valid points.

Paul.

--- Vasil Dimov <vd at datamax.bg> wrote:

>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>On Wed, Jun 22, 2005 at 04:30:56PM -0700, Joseph
>Mocker wrote:
> > > It depends on how the machine were broken.
>Presumably if you
> > were that hell-bent on using passprhases on
>private keys, you'd
> > likely isolate stunnel to run as an unpriviledged
>user in a chrooted
>That is a good idea anyway :)
>
> > environment, and you may very well set the
>coredump size to zero
> > and remove a debugger all together. So unless the
>user was able
> > to break root, the effects of the break-in might
>be minimized.
>
>Private key stealing table:
>* the key and the plain text file, holding the
>password (if any)
>   should always be chown root and chmod 400
>* stunnel is the (unprivileged) user stunnel is
>running as
>* we assume that stunnel is running at the time of
>breakage, because
>   this is the worst case.
>
>    key storage \ break as                        root  stunnel  other user
>-
>---------------------------------------------------------------------------
>1. unencrypted key                               YES   YES      NO
>
>2. crypted key/password in text file             YES   YES      NO
>
>3. crypted key/password entered at startup       YES   YES      NO
>-
>---------------------------------------------------------------------------
>
>As we see there is no difference if the private key
>will be kept
>crypted or unencrypted with or without text file
>holding the passphrase.
>
>What happens if the stunnel daemon is not running
>during the breakage?
>Note that this is an optimistic suggestion and we
>should not rely on it.
>
>    key storage \ break as                        root  stunnel  other user
>-
>---------------------------------------------------------------------------
>1. unencrypted key                               YES   NO       NO
>
>2. crypted key/password in text file             YES   NO       NO
>
>3. crypted key/password entered at startup        NO
>    NO       NO
>-
>---------------------------------------------------------------------------
>
>So the only difference in all cases is if stunnel is
>not running and the
>hacker gets root on the machine and the key is
>crypted and the password
>is entered at startup - then it will not be possible
>to steal the
>private key.
>
>As a conclusion, it is obviously - that there is
>really no sense to
>keep the password in a text file and it makes a
>LITTLE sense if the
>password is entered at startup - in just one, rare,
>case this setup
>will save the private key.
>
>-----BEGIN PGP SIGNATURE-----
>
>iD8DBQFCunHRFw6SP/bBpCARAtN4AJ0TBfANXVyyLNKojIaFzb1E/7WBqQCeIcop
>rAqsbhJmK9oBYg/Rb9iJzSE=
>=rFAJ
>-----END PGP SIGNATURE-----
>_______________________________________________
>stunnel-users mailing list
>stunnel-users at mirt.net
>http://stunnel.mirt.net/mailman/listinfo/stunnel-users
>

_________________________________________________________________
Sell your car for $9 on carpoint.com.au   
http://www.carpoint.com.au/sellyourcar