We have a (multi-OS) application which communicates with an HTTPS server using libcurl and uses SSL client certification. When the client certification is password protected, the application must ask the user to input the password. The application sends hundreds of different HTTPS requests to the server, so we cannot ask the user to input the password each time a new connection is going to be created. Now we simply prompt the user to input the password once when the application starts, then set the password in libcurl through the "CURLOPT_KEYPASSWD" option. But I'm worried that a malicious user could easily hack into the running process and read the client certification password. Is there any way I can cache the client certification password and also prevent it from being easily read from memory?

+1  A: 

You should not worry that much about it, in real life. If you worry about such attacks, maybe look into hardware-based keys and certificates in smart cards.

Some suggestions to fight swap and cold boot attacks:

  • Lock the memory that holds the password and don't allow it to be swapped out (mlock+mprotect on POSIX; Windows also has similar functions).
  • Possibly encrypt the memory that holds the password and only decrypt it while using the password.

In real life, if your machine is owned so that somebody can intrude into processes he/she should not have access to, you're already compromised; there is no point trying to make it obscure.

If you think that you control the cache - think again - you can never know if curl for example copies and leaks the memory with the password, under some circumstances.

If you're serious about SSL and security, use hardware tokens or smart cards. Otherwise expect that once the host is compromised, your software and any access codes running through that host have been compromised.

martin
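The mlock+mprotect suggestion from the answer, sketched for POSIX as an added example (not code from the original post or from libcurl). The `secret_page` type and `secret_*` functions are hypothetical helpers, and the passphrase is a constructed sample. This guards only the application's own copy; as the answer notes, libcurl may keep its own copy once the value is passed to `CURLOPT_KEYPASSWD`.

```c
#define _DEFAULT_SOURCE
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>
/* Hypothetical helper (not a libcurl API): one private page for the passphrase. */
typedef struct { char *buf; size_t len; int locked; } secret_page;

/* Map a page and try to pin it in RAM; s->locked == 0 means mlock failed (e.g. RLIMIT_MEMLOCK). */
int secret_open(secret_page *s) {
    s->len = (size_t)sysconf(_SC_PAGESIZE);
    void *p = mmap(NULL, s->len, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) { s->buf = NULL; return -1; }
    s->buf = p;
    s->locked = (mlock(s->buf, s->len) == 0);
    return 0;
}

/* Copy the passphrase in, then make the page inaccessible until it is needed. */
int secret_store(secret_page *s, const char *pw) {
    size_t n = strlen(pw) + 1;
    if (n > s->len) return -1;
    memcpy(s->buf, pw, n);
    return mprotect(s->buf, s->len, PROT_NONE);
}

/* Make the page readable just long enough to hand the passphrase to the TLS setup. */
const char *secret_expose(secret_page *s) {
    return mprotect(s->buf, s->len, PROT_READ) == 0 ? s->buf : NULL;
}
int secret_hide(secret_page *s) { return mprotect(s->buf, s->len, PROT_NONE); }

/* Zero through a volatile pointer so the wipe is not optimised away, then unmap. */
int secret_close(secret_page *s) {
    if (!s->buf || mprotect(s->buf, s->len, PROT_READ | PROT_WRITE) != 0) return -1;
    volatile char *p = s->buf;
    for (size_t i = 0; i < s->len; i++) p[i] = 0;
    if (s->locked) munlock(s->buf, s->len);
    int rc = munmap(s->buf, s->len);
    s->buf = NULL;
    return rc;
}

int main(void) {
    secret_page s;
    if (secret_open(&s) || secret_store(&s, "constructed-passphrase")) return 1;
    const char *pw = secret_expose(&s);  /* e.g. set CURLOPT_KEYPASSWD here */
    printf("locked=%d len=%zu\n", s.locked, pw ? strlen(pw) : 0);
    return secret_hide(&s) || secret_close(&s);
}
```

An application that requires the passphrase never to reach swap should treat `locked == 0` as a failure instead of continuing.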