The Vault Development - Encrypt files

Discussion in 'privacy technology' started by softtouch, Jun 21, 2009.

Thread Status:
Not open for further replies.
  1. Justin Troutman

    Justin Troutman Cryptography Expert

    Joined:
    Dec 23, 2007
    Posts:
    226
    Location:
    North Carolina, USA / Minas Gerais, BR
    Security software is a bit different than other types of software. You've got to expect an "insecure until shown secure" attitude; it's the same attitude that drives our confidence in cryptographic primitives. If it's new, we don't immediately implement it for precisely that reason -- regardless of whether or not it looks good.

    I'm sad to hear that, as I thought I provided useful information from experience. But, to give the benefit of the doubt that it was overlooked, I'll mention my concerns again.

    First, you mention that you use hash functions during the creation of the "vault." If I have this correct, a hash value that's stored with the vault is verified whenever the vault is accessed, in order to detect any changes to the vault? If so, that'll work against passive scenarios, like accidental corruption, but it's useless against an active adversary, who can simply manipulate the vault and replace the hash with a new hash that corresponds to the tainted vault.

    That's because hash functions are unkeyed. What you need is a keyed MAC, where you can use a block cipher with CMAC, or a hash function with HMAC, for instance. But maybe it doesn't work this way, so I'm open to be educated on how it does. Regardless, you're not going to preserve integrity against an active adversary unless you use a MAC.

    Second, you use Blowfish. Its 64-bit block size could be a problem, if you encrypt more than 2^32 blocks under a single key. To translate this into terms that would affect your software, plaintext information would start to leak if your vault is larger than 32GB. Maybe you limit the size of vaults such that this would be a non-problem, but even if you do, I see no reason, cryptographically, to use Blowfish, where the AES is just fine.

    The tricky part about security software is that you can't run beta tests for security problems, and it seems a bit premature to publish your software, let alone charge for it, when it's incredibly new, designed by those whose cryptographic prowess is unknown, and comes without any analysis that we know of. Couple that with the potential issues I mentioned above, where I may not have any protection against active adversaries and my plaintext may start to leak if I use Blowfish on a vault beyond 32GB in size, and I'm left uneasy.

    My criticism is certainly given with the intent of protecting your reputation, because if history has shown us anything, it's that those who jump the gun with security, and are caught, are left with a reputation that's next to irreparable. Sure, security is a bit of a crapshoot at times, and some insecurities are taken as a matter of course, but silly ones, like not properly preserving integrity and letting plaintext information leak, are usually not forgiven. Simply going back to publishing it for free isn't good enough right now; it shouldn't be published at all. Doing so puts your reputation, and others' data, on the line.

    What I'm not saying is, "Throw in the towel." What I am saying is, "Slow down."
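
The difference between a stored hash and a keyed MAC described in the post above, as an added example that is not part of the original post and is not The Vault's code. The function names, the PBKDF2 key derivation and the sample bytes are assumptions made for illustration.

```python
import hashlib
import hmac

TAG_LEN = 32  # output size of SHA-256 and HMAC-SHA256

def seal_hash(body: bytes) -> bytes:
    """Unkeyed scheme: vault body followed by SHA-256(body)."""
    return body + hashlib.sha256(body).digest()

def open_hash(blob: bytes) -> bytes:
    body, stored = blob[:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(hashlib.sha256(body).digest(), stored):
        raise ValueError("vault modified or corrupted")
    return body

def derive_mac_key(password: bytes, salt: bytes) -> bytes:
    """Assumed key derivation; the MAC key must differ from the cipher key."""
    return hashlib.pbkdf2_hmac("sha256", password, b"mac" + salt, 100_000)

def seal_mac(body: bytes, key: bytes) -> bytes:
    """Keyed scheme: vault body followed by HMAC-SHA256(key, body)."""
    return body + hmac.new(key, body, hashlib.sha256).digest()

def open_mac(blob: bytes, key: bytes) -> bytes:
    body, stored = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, stored):
        raise ValueError("vault modified or corrupted")
    return body

def rewrite_without_key(blob: bytes) -> bytes:
    """What anyone with write access but no key can do: change the body
    and recompute the trailing unkeyed SHA-256 over the changed body."""
    body = bytearray(blob[:-TAG_LEN])
    body[0] ^= 0x01
    return seal_hash(bytes(body))

def accepts(opener, blob: bytes, *args) -> bool:
    """True if the opener verifies the blob, False if it rejects it."""
    try:
        opener(blob, *args)
        return True
    except ValueError:
        return False

if __name__ == "__main__":
    body = b"constructed sample ciphertext bytes"  # constructed input
    key = derive_mac_key(b"correct horse", b"constructed-salt")
    print("hash accepts rewritten vault:", accepts(open_hash, rewrite_without_key(seal_hash(body))))
    print("HMAC accepts rewritten vault:", accepts(open_mac, rewrite_without_key(seal_mac(body, key)), key))
```

Both schemes catch accidental corruption; only the keyed one rejects a body whose check value was recomputed by someone who does not hold the key.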
     
  2. n8chavez

    n8chavez Registered Member

    Joined:
    Jul 19, 2003
    Posts:
    3,336
    Location:
    Location Unknown
    Justin Troutman - You are correct. Your input has been invaluable, both to the product and to me personally as a learning avenue. I appreciate that very much and I did not mean to include you in what I previously said. It is feedback like that that will improve not only this and future projects from any author but allows the community as a whole to learn from.

    Otherwise stated, this is the kind of helpful feedback I had wished to have received.
     
  3. Genady Prishnikov

    Genady Prishnikov Registered Member

    Joined:
    Mar 9, 2006
    Posts:
    350
    This thread is scary.
     
  4. softtouch

    softtouch Registered Member

    Joined:
    Jan 31, 2006
    Posts:
    415
    I am not sure that anybody would benefit from your reply.
    You might evaluate your post so we will understand the meaning.
     
  5. softtouch

    softtouch Registered Member

    Joined:
    Jan 31, 2006
    Posts:
    415
    The Vault is now released as freeware and available in future at http://www.freesoftwaretoolbox.com.

    Nothing to hide: The Vault has a donation screen which pops up at program exit.
     
  6. 1boss1

    1boss1 Registered Member

    Joined:
    Jun 26, 2009
    Posts:
    401
    Location:
    Australia
    You got another domain? That's about 3 in 3 months isn't it? :eek:

    Cool to see TheVault is free along with your other applications, you should do up a pad file and submit your apps to all the software directories.

    I'm just curious, do you code custom programs?
     
  7. softtouch

    softtouch Registered Member

    Joined:
    Jan 31, 2006
    Posts:
    415
    It was a struggle for me to release it as freeware, because I know people will most of the time not donate a single cent, but expect full service which costs time (and with that money)...

    I changed the domain (once again), because I intend also to publish my programs written in C/C++ and assembler, and they won't fit on "delphifreeware.com".

    I am doing custom programming all the time, that's my job. I do the freeware just in my spare time.

    We have currently 20 freeware titles published at the new domain. About 20 more will follow one by one (after I have changed captions, URLs etc.)
     
  8. HAN

    HAN Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    2,098
    Location:
    USA
    softtouch: Took a quick look at The Vault (I hadn't seen it for a while.) I like the overall design. I like the fact you focused on keeping it portable. In fact, there isn't much I don't like. :) Thanks for your efforts!

    The only question I've come up with so far is the thevault.ini file. All I see in it is the path to the most recent opened Vault. Is there any other purpose for this file? If not, is there a possibility that it could be made optional (to create the file or not?) If one is trying to "hide" their Vault files, thevault.ini file gives away the hiding place. I know it's technically not a security risk but I'd still like to have the option to not leave any clues if possible...
     
    Last edited: Aug 31, 2009
  9. softtouch

    softtouch Registered Member

    Joined:
    Jan 31, 2006
    Posts:
    415
    The ini is a headache, I know. But it does not only contain the path to the last opened vaults (like an MRU list), it also holds information about secure erase, viewer, notification and so on. In fact, it will hold about 37 values and settings, program related, with no security related settings. I have no real idea yet how to prevent the ini, but being able to store settings, without using the registry.
     
  10. HAN

    HAN Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    2,098
    Location:
    USA
    Well, the INI file itself is not a significant issue. Leaving the MRU inside it is. Can it alone be an option to log or not?
     
  11. softtouch

    softtouch Registered Member

    Joined:
    Jan 31, 2006
    Posts:
    415
    I added an option for the MRU list, which is by default OFF.
    New version: V1.0.0.12

    I have to mention it again before people are annoyed: The Vault has a donation screen which pops up at program exit.

    New download location: http://www.freesoftwaretoolbox.com/thevault
     
    Last edited: Sep 1, 2009
  12. HAN

    HAN Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    2,098
    Location:
    USA
    Thanks! Nice! :)
     
  13. n8chavez

    n8chavez Registered Member

    Joined:
    Jul 19, 2003
    Posts:
    3,336
    Location:
    Location Unknown
    That's true. At first we wanted to differentiate between freeware and shareware apps, thus the need for the first domain change. Now we are going at this from a different angle; having the application themselves be freeware and trying to sell advertisement space. We'll see how it goes. We first need to generate consistent traffic.
     
  14. Countermail

    Countermail Registered Member

    Joined:
    Aug 7, 2009
    Posts:
    169
    Location:
    Sweden
    Some suggestions:
    1. You should add the Windows API; VirtualLock() to all sensitive information stored in RAM, to prevent Windows swapping it to the pagefile.

    2. You can also add VirtualProtect() to make it harder for other processes to read your application's memory.

    3. Don't store the password as plaintext in RAM, as you do now. Use some protection.

    4. A future feature: Add keylogger protections to the password field, it's possible to block approx 70-80% of all keyloggers by using SetWindowsHookEx() (with WH_KEYBOARD_LL/ WH_KEYBOARD/WH_DEBUG) on your own process.
     
  15. n8chavez

    n8chavez Registered Member

    Joined:
    Jul 19, 2003
    Posts:
    3,336
    Location:
    Location Unknown
    Thank you for your suggestions. They are very valuable to us. We will discuss them.
     
    Last edited: Sep 3, 2009
  16. softtouch

    softtouch Registered Member

    Joined:
    Jan 31, 2006
    Posts:
    415
    The password stored temporarily in memory is AES encrypted since V1.0.0.13
     
  17. HAN

    HAN Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    2,098
    Location:
    USA
    I must say that after running the latest version of The Vault, it has morphed into what I had hoped it could/would. A container type encryption program that's small, portable and doesn't require admin privileges. A rare and welcome program. I will definitely have uses for it.

    I also appreciate the willingness you have to make it better.

    Congrats softtouch and n8chavez! :)
     
  18. 1boss1

    1boss1 Registered Member

    Joined:
    Jun 26, 2009
    Posts:
    401
    Location:
    Australia
    Agreed, I'm glad softtouch continued after the initial beating because TheVault has grown into a cool app. After seeing (and using) what he created back in the C64 days he's a talented coder.

    (I may have to snap him up for a custom project shortly)

    Well done softtouch and n8chavez.
     
  19. n8chavez

    n8chavez Registered Member

    Joined:
    Jul 19, 2003
    Posts:
    3,336
    Location:
    Location Unknown
    Thank you guys very much. We appreciate your support. There are many freeware products at FreeSoftwareToolbox. If you like them please spread the word, and perhaps consider donating so we can continue development.

    As always if you have any questions, suggestions, or application ideas please contact me.
     
    Last edited: Sep 3, 2009
  20. Warlockz

    Warlockz Registered Member

    Joined:
    Oct 30, 2008
    Posts:
    642
    .

    This isn't Freeware, this is Nag-Ware! :thumbd: :thumbd: :thumbd: :thumbd: :thumbd: Not a very good way to gain a good reputation, with your annoying popup window!
     
    Last edited: Sep 3, 2009
  21. softtouch

    softtouch Registered Member

    Joined:
    Jan 31, 2006
    Posts:
    415
    It is mentioned here and also on the product page that it has a popup at program exit.

    Because the donation is optional, it can be considered to be a type of freeware.
    It has no limitation, is not crippled, will never expire, and can be freely passed around.

    As the author, who spent time, bandwidth, cost for hosting, it is my right to ask for a donation (which is optional).

    If you don't like it, don't use it.
     
  22. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,328
    Location:
    Here, There and Everywhere
    Nothing wrong with asking for donations, but putting a timer countdown on your software before it closes is typically known as NagWare (as Warlockz said). That's a HUGE negative, especially on something like The Vault that may need to be closed quickly, but cannot, because the nagware screen is counting down. So, nothing wrong with wanting donations, and lots of freeware asks for donations, without a timer countdown nag screen. In fact, some download sites wouldn't even allow your product as "freeware" because of the much-hated NagWare countdown.
     
  23. softtouch

    softtouch Registered Member

    Joined:
    Jan 31, 2006
    Posts:
    415
    Yes, that's an acceptable explanation, which makes total sense to me.
    The timer will be removed starting with The Vault (in fact, it's already removed in the current version).
     
  24. n8chavez

    n8chavez Registered Member

    Joined:
    Jul 19, 2003
    Posts:
    3,336
    Location:
    Location Unknown
    Donations are very important to us. Without them we probably wouldn't be able to continue, unless we found another source of income. Those nag screens are annoying, but that's the point. Without them compelling users to donate we would not have any income at all and eventually have to cease.

    The Vault used to be shareware, but users complained so we made it freeware but you are still complaining.
     
  25. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,635
    Location:
    European Union
    Actually, some of us would like any security product (including the one you create) to be open source, so we can check its source (or at least to have the option to do it) for possible implementation or security problems.
     