Does anybody know of an existing C extension that interfaces with ruby code for the sole purpose of hiding important encryption info, such as the SALT? When users write encrypt/decrypt methods it would be nice to call a C interface to obtain the salt/iv. This way general users would have a harder chance of cracking the encryption. Using this method wouldn't about the only way to obtain the sensitive data by reading each RAM address and try to grab the value while that Ruby method executes while it's calling the C extension.
If one doesn't exists is this something other users would take advantage of if one was written?
Look forward to all the suggestions!
I would suggest just compressing your salt and using zlib to
decompress -- do the operations in two different places. You only
store the compressed version in your code. You could further hide the
salt by using a bit of some part of your code or other reflective
"stuff" and just using the compressed version as the salt. Wrapping it
in a so will not be much stronger.
pth
···
On 8/26/06, Cliff Cyphers <cdc@cyphers.dns2go.com> wrote:
Does anybody know of an existing C extension that interfaces with ruby
code for the sole purpose of hiding important encryption info, such as
the SALT? When users write encrypt/decrypt methods it would be nice to
call a C interface to obtain the salt/iv. This way general users would
have a harder chance of cracking the encryption. Using this method
wouldn't about the only way to obtain the sensitive data by reading each
RAM address and try to grab the value while that Ruby method executes
while it's calling the C extension.
If one doesn't exists is this something other users would take advantage
of if one was written?
Look forward to all the suggestions!
The salt doesn't need to be secret. The whole point of modern
encryption methods is that only the secret keys need be hidden. The
only point of a salt is to ensure that if the same data is hashed by
two different services the result will be different and there is no way
to tell that they came from the same data. You can publicly display it
to the world as long as it is different from that of other services.
Cliff Cyphers wrote:
···
Does anybody know of an existing C extension that interfaces with ruby
code for the sole purpose of hiding important encryption info, such as
the SALT? When users write encrypt/decrypt methods it would be nice to
call a C interface to obtain the salt/iv. This way general users would
have a harder chance of cracking the encryption. Using this method
wouldn't about the only way to obtain the sensitive data by reading each
RAM address and try to grab the value while that Ruby method executes
while it's calling the C extension.
If one doesn't exists is this something other users would take advantage
of if one was written?
Look forward to all the suggestions!