
Storing secrets in Linux

Sorry, if this has been asked and answered here, simple search didn't give me much. Feel free to correct the tags and provide links to questions like the following or discussions of the subject. Also, I know Windows somewhat, Linux not so much, so the questions may appear trivial.


Some Windows apps use the registry and some other obscure places to store their activation data, trial period days left, or just the fact that the software has been installed on this OS.

Are there similar places in Linux?

If there are, how discoverable is data there, given that you not only have root access rights, but also pretty much all the source code, and can always tweak the kernel and get things by force?

If there's no way to protect such data in Linux, all other things being equal, how much does it affect availability of commercial software for Linux?

What you are saying is security by obscurity - and no, the registry in Windows is not a much more obscure place to store data than any deeply hidden file in Linux.

That said, programs in Linux usually store their data in files beginning with a dot . (signifying the hidden nature of those files) in the user's home directory. Usually the places are not very obscure; for example, Qt has a class QSettings which on Windows uses the system registry, but on Linux the data is stored in .config/CorporationName/ProgramName.conf . Many other programs also store data in this way. Being paranoid about your data, you could of course employ any encryption or obfuscation scheme you like - much more obscure than the Windows registry.

Is the non-availability of a Windows-style registry hindering the availability of commercial software? Even if by a small factor (but I do not believe so), there are more serious problems (/features) with the platform that make writing commercial and closed software more bothersome (but not impossible).

Regardless of which OS you use, you should not depend on security by obfuscation. It is the easiest thing to crack. Wherever you store your data, you should encrypt it and only decrypt it at runtime for as brief a period of time as possible. Better yet, if you're using user accounts that are stored on a server you control, store the data there and perform your checks during authentication/authorization.

The only theoretically secure solution is IMO to obtain a network connection, and store the data as an encrypted string, and only ever decrypt it on the central server which is fully under your control. This is true of Windows just as well.
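The pattern the answer above describes (an opaque string in the client's dot-file, checks done only on a server that holds the key), as an added illustration that is not part of the original answers. The server key, the `CorporationName/ProgramName.conf` path layout and the record contents are constructed for the demo; the point it shows is that editing the local file is trivial for anyone with file access, so the server-side check is what carries the security.

```python
import base64, hashlib, hmac, json, tempfile
from pathlib import Path

# Hypothetical server-side key: lives only on the vendor's server, never in
# the shipped binary or in any file on the client machine.
SERVER_KEY = b"constructed-server-only-key-do-not-ship"

def config_path(vendor: str, program: str, home: Path) -> Path:
    # Where a QSettings-style file would land: ~/.config/Vendor/Program.conf
    return home / ".config" / vendor / f"{program}.conf"

def server_issue(record: dict) -> str:
    # Server side: encode the record and append an HMAC tag only the server can compute.
    body = base64.urlsafe_b64encode(json.dumps(record, sort_keys=True).encode()).decode()
    tag = hmac.new(SERVER_KEY, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}.{tag}"

def server_verify(token: str):
    # Server side: return the record if the tag matches, otherwise None.
    body, _, tag = token.rpartition(".")
    expected = hmac.new(SERVER_KEY, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag, expected):
        return None
    return json.loads(base64.urlsafe_b64decode(body))

def client_store(path: Path, token: str) -> None:
    # Client side: the token is an opaque string in a dot-file; root can read it.
    path.parent.mkdir(parents=True, exist_ok=True)
    path.write_text(token)

def client_load(path: Path) -> str:
    return path.read_text()

def local_edit(token: str, **changes) -> str:
    # What anyone with file access can do: rewrite the body but keep the old tag.
    body, _, tag = token.rpartition(".")
    record = json.loads(base64.urlsafe_b64decode(body))
    record.update(changes)
    new_body = base64.urlsafe_b64encode(json.dumps(record, sort_keys=True).encode()).decode()
    return f"{new_body}.{tag}"

def demo() -> dict:
    # Constructed scenario: a genuine token is accepted, an edited one is rejected.
    with tempfile.TemporaryDirectory() as home:
        path = config_path("CorporationName", "ProgramName", Path(home))
        client_store(path, server_issue({"user": "alice", "days_left": 3}))
        genuine = server_verify(client_load(path))
        client_store(path, local_edit(client_load(path), days_left=3650))
        edited = server_verify(client_load(path))
    return {"genuine": genuine, "edited": edited}
```

Nothing on the client stops the file from being rewritten; the check only holds because SERVER_KEY never leaves the server.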

There are several options to store secret data:

  • simple encrypted files (can be done with gpg)

  • encrypted container (e.g. with truecrypt, dm-crypt)

  • encrypted partitions or disks (dm-crypt)

Not to forget, you should use an encrypted swap too.
