[37] in linux-security and linux-alert archive
Re: Secure setup for file transfer
daemon@ATHENA.MIT.EDU (Alan Cox)
Tue Mar 7 07:36:46 1995
From: iialan@iifeak.swan.ac.uk (Alan Cox)
To: linux-security@tarsier.cv.nrao.edu
Date: Tue, 7 Mar 1995 10:04:03 +0000 (GMT)
In-Reply-To: <m0rllRO-0002dcC@jacob.remcomp.fr> from "Jacob Navia" at Mar 6, 95 11:39:49 pm
Reply-To: linux-security@tarsier.cv.nrao.edu
> I have proposed a Linux server as the file server. The server will run
> a propietary transfer protocol. This eliminates the security holes of
> FTP but could possible open new ones. That's the reason of this post.
So you feel you in person can beat 12 years of debugging, CERT and the
combined work of the unix world in security.
> 1. My protocol needs:
> a) Establish that the guy at the other end is the user in question.
> This will be done by setting up a login/password scheme. The
> password SHOULD be encrypted. Question: What encryption scheme
> should I use?
FTP + SRA encryption. Ideally you should use a Diffie Helman exchange
system but you'll have to buy a patent license in the USA for that.
> b) Establish that the machine doing the call is the machine that's
> authorized to call. Since there is no Machine ID with PCs, I will
> use an encryption scheme that reads the CMOS of the machine and
> makes an integer out of different values like the BIOS date, the
> type of BIOS, and other parameters. This number will be expected
> by the Linux server to be sure that the machine calling is the
> right one. Of course any change to the machine's motherboard will
> need a reinstallation of the software but this is no big deal.
Some CMOS values change. Anyone can take your binaries apart and deduce the
number for a given machine. Thats a small exercise as people who've had
game protection systems shredded under them will tell you.
> I will use Winsockets.DLL in the windows side, and a server daemon in the
> Linux side. Both sides are already written without any security concerns.
> The security options are scheduled to be done now.
The winsock.dll means your application can trivially be logged so your system
must be immune to playback attacks on other machines. This may cause problems
it means for example you can't simply use a generated machine specific key.
> The server will use a special port number to receive data. Since there is
> a difference between port numbers under 1024 and those above, I will use
> one in the 4.000 range. Is that a good idea?
It has no meaning at all. If you want secure data you have to implement a
secure transfer layer. Again in the US be very careful, export of encryption
can carry a prison sentence so you can't sell outside the USA. Within the USA
most encryptions have software patents on them. MD5 and 3DES are options that
I think are clear.
> What do you think? Comments welcome.
Stupid question - wouldn't caller ID on the modems be an easier technique
Alan
