Patches for SpeakFreely 7.5/Linux for handling of encryption keys

Thomas Shaddack shaddack at ns.arachne.cz
Mon Apr 21 15:16:48 PDT 2003


In the Linux version, the encryption keys are supplied to the sfspeaker and
sfmike processes as command-line parameters.

This is fundamentally insecure, as the keys are then available for
every user and process that can do "ps -ef" or has /proc access.

Also, it would be beneficial for many settings if the program could read
the keys from an external file. Then the key can be protected on the level
of the filesystem, or even by complete hardware removal when not used (e.g.,
storing the keys on a smartcard, removable USB drive, or a floppy). They
can also be distributed automatically more easily, e.g. by scp.

I wrote some modifications for version 7.5, which solve both problems.
If the key value begins with @, it's interpreted as a file name. After
reading the key value, the parameters accessible via /proc and ps are
overwritten in memory and destroyed. The patches are tested for only the
IDEA encryption, but the code is identical for the other options.

The patches for sfmike and sfspeaker are available from
<http://213.246.91.154/patches/speakfreely/>.

Enjoy. :)

    Shaddack, the Mad Scientist
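
The behaviour described in the message (a key argument starting with @ names a file, and the argument is wiped after use) can be sketched as follows. This is an added example, not the patch itself and not SpeakFreely code; `load_key` and `scrub` are hypothetical names.

```c
/* Added example; load_key() and scrub() are hypothetical, not SpeakFreely functions. */
#include <stdio.h>
#include <string.h>

/* Zero a string in place; volatile keeps the compiler from dropping the stores. */
static void scrub(char *s)
{
    volatile char *p = s;
    while (*p)
        *p++ = '\0';
}

/* Resolve a key argument into out[]: "@path" reads the key from the first
 * line of path, anything else is the key itself. The argument is wiped
 * before returning. Returns 0 on success, -1 on error. */
int load_key(char *arg, char *out, size_t outlen)
{
    int rc = -1;
    size_t n;

    if (outlen == 0) {
        scrub(arg);
        return -1;
    }
    out[0] = '\0';
    if (arg[0] == '@') {
        FILE *f = fopen(arg + 1, "r");
        if (f != NULL && fgets(out, (int)outlen, f) != NULL) {
            n = strcspn(out, "\r\n");
            /* Reject a key that did not fit rather than truncate it. */
            if (n > 0 && (out[n] != '\0' || fgetc(f) == EOF))
                rc = 0;
            out[n] = '\0';
        }
        if (f != NULL)
            fclose(f);
    } else if ((n = strlen(arg)) > 0 && n < outlen) {
        memcpy(out, arg, n + 1);
        rc = 0;
    }
    scrub(arg);          /* what ps and /proc/<pid>/cmdline now show */
    if (rc != 0)
        scrub(out);      /* leave no partial key behind on failure */
    return rc;
}

int main(int argc, char **argv)
{
    char key[256];

    if (argc != 2 || load_key(argv[1], key, sizeof key) != 0)
        return 1;
    printf("key loaded (%zu bytes); argv[1] wiped\n", strlen(key));
    scrub(key);
    return 0;
}
```

On Linux, /proc/<pid>/cmdline is read from the process's own argument memory, which is why overwriting argv in place changes what ps reports. A key passed literally is still visible from exec until the wipe runs, so the @file form is the one that keeps it out of the process list entirely.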




