Roswell Secure Content Repository

Automation and Password Security - the Chinese box problem

How do you secure software that loads automatically? You can secure its resources with passwords, keys, and certificates, but then how do allow the application access to this security resource? You can put these passwords, keys, and certificates into a key-store, but then you have to secure the key-store with a password, key or certificate. Traditionally developers did this by securing the key-store with a master password and embedding the password in the application itself. Of course, embedding passwords in the code is not a very secure way of managing master passwords. There are many old cases of hackers reverse engineering code to find the hidden master password, which they then use to break into a system.

The more common modern method is to pass the master password to the application on system load. This allows system administrators to change the master password for each installation so simply getting access to the source, or the compiled code is insufficient to break into the key-store. If, however, an application loads automatically on hardware boot, either someone has to enter the password manually or the application must have access to a file containing the password. In the later situation, we’ve eliminated the ability of an external hacker breaking in by simply obtaining a copy of the code, but we still must trust in the fidelity of the system administrators who have access to the drive on which the password file resides through their system logon passwords.

You can see throughout the preceding discussion we’ve been building a Chinese box (or Russian doll) scenario with each security domain being secured by placing it within another, but at no time during this box within box digression have we managed to shut the door completely. At some point, a human becomes the key holder. I think we may be at the limit of our ability to secure anything. Eventually, trust resolves to the fidelity of a person or group of persons. The only safe place for a password is in a trusted human being’s head.