Stephen P. Gibbons (steve@aztech.net)
Tue, 06 Oct 1998 22:59:08 -0700
I read this and responded with a Homer Simpson-like "Doh!"
bram wrote:
> On Tue, 6 Oct 1998, Lenny Foner wrote:
>
> > An application I'm writing saves its state to disk every so often,
> > using IDEA in CBC mode. (It's using SSLeay's implementation of IDEA,
> > and makes sure to start with a random IV, etc.) Each time it does so,
> > it picks a new 128-bit session key for the encryption; this session
> > key is also stored on disk, and is hashed by a passphrase.
> >
> > The question is, what's a reasonably safe way to do this?
>
> Not directly crypto related (although it is a robustness issue) is
> rollbacks.
>
> In general, it's a good idea to replace old files as follows:
>
> 1) create a new file with the new state
>
1.5) _Wipe_ the old file. (Write random data over all of the previously
used bits of the old file N times.) Your OS may not allow you to do this
cleanly without modifications to the OS, or other special measures.
> 2) delete the old file
>
> 3) rename the new file to have the old file's name
>
> This way, there's no chance of completely losing everything just because
> the computer happened to crash at the exact wrong moment.
>
> -Bram
With the insertion of 1.5, above, you have to worry less about the "bad
guys" getting access to the previous version of your "super secret stuff".
-- Steve
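Steps 1 through 3 with the 1.5 wipe inserted, as an added Python example that is not code from this thread. It goes slightly beyond the list: the `.tmp`/`.new` suffixes, the extra commit rename and the `recover()` routine are assumptions of this example, added because once wiping starts the old file can no longer serve as the fallback copy after a crash.

```python
import os

def _fsync_dir(path):
    # Persist directory-entry changes (POSIX assumption).
    fd = os.open(os.path.dirname(os.path.abspath(path)), os.O_RDONLY)
    try:
        os.fsync(fd)
    finally:
        os.close(fd)

def wipe(path, passes=3):
    """Step 1.5: overwrite the file's bytes in place with random data, N times.
    On journaling or copy-on-write filesystems and on flash storage the old
    blocks may survive anyway: the OS may not allow a clean wipe."""
    size = os.path.getsize(path)
    with open(path, "r+b", buffering=0) as f:
        for _ in range(passes):
            f.seek(0)
            left = size
            while left:
                left -= f.write(os.urandom(min(left, 65536)))
            os.fsync(f.fileno())  # force each pass out of the cache

def replace_state(path, data, passes=3):
    tmp, new = path + ".tmp", path + ".new"  # hypothetical suffixes
    fd = os.open(tmp, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "wb") as f:           # 1) write the new state
        f.write(data)
        f.flush()
        os.fsync(f.fileno())
    os.rename(tmp, new)        # ".new" now means "complete and on disk"
    _fsync_dir(path)
    if os.path.exists(path):
        wipe(path, passes)     # 1.5) wipe the old file
        os.remove(path)        # 2) delete the old file
    os.rename(new, path)       # 3) rename the new file to the old name
    _fsync_dir(path)

def recover(path):
    """Run at startup: finish or discard an interrupted replace_state()."""
    tmp, new = path + ".tmp", path + ".new"
    if os.path.exists(tmp):
        os.remove(tmp)         # crash during step 1: old file is still good
    if os.path.exists(new):    # crash during 1.5/2: old file may be half-wiped
        if os.path.exists(path):
            wipe(path)
            os.remove(path)
        os.rename(new, path)
    return os.path.exists(path)
```

Calling `recover()` before the first read means a complete `.new` file always wins over a possibly half-wiped old file, while a leftover `.tmp` is discarded.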
The following archive was created by hippie-mail 7.98617-22 on Sat Apr 10 1999 - 01:15:20