Patches for SpeakFreely 7.5/Linux for handling of encryption keys
In the Linux version, the encryption keys are supplied to the sfspeaker and sfmike processes as command-line parameters. This is fundamentally insecure, as the keys are then available to every user and process that can do "ps -ef" or has /proc access.

Also, it would be beneficial for many settings if the program could read the keys from an external file. Then the key can be protected on the level of the filesystem, or even by complete hardware removal when not used (e.g., storing the keys on a smartcard, removable USB drive, or a floppy). They can also be distributed automatically more easily, e.g. by scp.

I wrote some modifications for version 7.5, which solve both problems. If the key value begins with @, it's interpreted as a file name. After reading the key value, the parameters accessible via /proc and ps are overwritten in memory and destroyed.

The patches are tested for only the IDEA encryption, but the code is identical for the other options.

The patches for sfmike and sfspeaker are available from <http://213.246.91.154/patches/speakfreely/>.

Enjoy. :)

Shaddack, the Mad Scientist
participants (1): Thomas Shaddack
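The behaviour the message describes (a key argument that is either a literal or `@file`, scrubbed in place after it is read) can be sketched as follows. This is an added example, not the code of the patches: the names `load_key` and `scrub` are hypothetical, and the owner-only permission check on the key file is an assumption layered on the message's point about protecting the key at the filesystem level.

```c
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Zero a buffer through a volatile pointer so the stores are not optimised away. */
static void scrub(char *p, size_t n) {
    volatile char *v = p;
    while (n--) *v++ = 0;
}

/* Resolve a key argument ("literal" or "@keyfile") into out, then overwrite the
 * argument in place so it no longer shows up in ps or /proc/<pid>/cmdline.
 * Returns the key length, or -1 on error (out is scrubbed in that case). */
int load_key(char *arg, char *out, size_t outlen) {
    size_t arglen = strlen(arg);
    int rc = -1;
    if (outlen == 0) return -1;
    out[0] = '\0';
    if (arg[0] == '@') {
        int fd = open(arg + 1, O_RDONLY);
        struct stat st;
        ssize_t n;
        if (fd >= 0) {
            /* Assumed policy: refuse key files readable by group or others. */
            if (fstat(fd, &st) == 0 && (st.st_mode & (S_IRWXG | S_IRWXO)) == 0 &&
                (n = read(fd, out, outlen - 1)) > 0) {
                out[n] = '\0';
                out[strcspn(out, "\r\n")] = '\0';  /* key is the first line */
                rc = (int)strlen(out);
            }
            close(fd);
        }
    } else if (arglen < outlen) {
        memcpy(out, arg, arglen + 1);
        rc = (int)arglen;
    }
    scrub(arg, arglen);             /* destroy the command-line copy */
    if (rc < 0) scrub(out, outlen); /* leave no partial key behind */
    return rc;
}

int main(int argc, char **argv) {
    char key[256];
    if (argc < 2) { fprintf(stderr, "usage: %s KEY|@KEYFILE\n", argv[0]); return 2; }
    int n = load_key(argv[1], key, sizeof key);
    if (n < 0) { fprintf(stderr, "could not load key\n"); return 1; }
    printf("loaded %d-byte key; argv[1] has been overwritten\n", n);
    scrub(key, sizeof key);
    return 0;
}
```

Scrubbing only closes the exposure after the process has started: a literal key is still visible between exec and the overwrite, and may be kept in shell history. The `@file` form never places the key on the command line at all.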