Re: [GNU Crypto] Passwords Immutable?

[Bryan Hoover]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Casey Marshall wrote:
>
> >>>>> "Bryan" == Bryan Hoover <address@hidden> writes:
>
> Bryan> Casey Marshall wrote:
> Bryan> I assume the objective is to cover for any situation in which
> Bryan> resetMechanism is not called -- which could include client side
> Bryan> crashing for instance, or just not calling it, which, asfaik is
> Bryan> okay in terms of the SASL protocol specification (and perhaps
> Bryan> something in addition to this?).
>
> I think in general this sort of class will be useful, too. The idea
> behind it being that if the programmer forgets that he has these keys
> in memory, they will be wiped out after too long a timeout, in hope
> that the memory there would not have been swapped to disk.

Makes sense to me -- just wanted to make sure I was following you --
that is, do both:  destroy as soon as possible, and have the timer just
in case.

> Bryan> In any event, in this light, resetMechanism is probably not the
> Bryan> best place to put the constructor.
>
> Bryan> So now that you mention it, why not destroy the password as
> Bryan> soon as possible?  It's not needed beyond initialization is
> Bryan> it?, so once that's done, perhaps that'd be the time to call
> Bryan> the destructor.  Looks like that would be right after or within
> Bryan> sendPublicKey.
>
> I would say yes. Destroying sensitive data as soon as possible should
> be the rule.
>
> Bryan> I note that ClientMechanism implements dispose(), but it is
> Bryan> empty, and is not overridden in SRPClient.  Perhaps this would
> Bryan> be the place to put the destructor call?  But again, relies on
> Bryan> client to make the dispose() call.
>
> Bryan> There's also the ClientStore session timeout which causes the
> Bryan> mechanism to be, if you will, ultimately reset -- that is,
> Bryan> reset to the extent the session can't be reused.
>
> I must admit that I'm not all that familiar with the SASL classes;
> that was Raif's domain.

I've did me some studyin' last night/morning (whew!) :).

> Attached is my first attempt at an ExpirableObject.

Don't have time just this minute, but wanted to respond.  I've
subclassed Password from it, and compiled.  I'm gonna test it out when I
get back...

Bryan

>
> --
> Casey Marshall || address@hidden
>
>   ------------------------------------------------------------------------
>
>    ExpirableObject.javaName: ExpirableObject.java
>                        Type: Plain Text (text/plain)

- --
Nothing in the world has more potential for beauty than woman.  Nothing
has more potential to destroy it, than the world. - (Anonymous)

http://www.wecs.com/content.htm

This signature file is generated by Pick-a-Tag !
Written by Jeroen van Vaarsel
http://www.google.com/search?hl=en&ie=ISO-8859-1&q=pick-a-tag
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (MingW32) - GPGrelay v0.94

iD8DBQFAhwnI8CguVNZ0FHARAkOiAJ98dbMmYp0CNBGjMPeLYbJB+t7eAACeKyL6
RX/UQd/QxVJ0zKl36dKv2wI=
=JBQL
-----END PGP SIGNATURE-----