Security of piping unencrypted keyfile through named pipe

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



A script I'm writing to help me manage loop-aes v.2
partition-backed loops (a la README sect 7.2 Ex 2)
needs to be launched by a filemanager ie not from a
commandline.

In order for the terminal user to enter the passphrase
to encrypt the keyfile, I want to open an rxvt window
running gpg from the script (unless there's another
way).  Since the -e option to rxvt only seems to take
one command argument, I seem to be stuck with this:

mkfifo -m 600 npipe
head -c 2925 /dev/random | uuencode -m - | head -n 65
| tail -n 64 >npipe &
rxvt +sb -geometry 80x1 -fn fixed -cr blue  -T
"Password" -e gpg -c -a -o ${KEYFILE} npipe
wait
rm -f npipe

(Rxvt seems to accept no other workarounds that I can
find).

Is this much less secure than the usual anonymous
pipe?

Or, if an attacker was in a position to read from the
named pipe, does that mean they would be in a position
to easily compromise the encryption anyway (with or
without the named pipe)?

I considered making root the pipe owner to tighten
security on the named pipe but the user has sudo
rights anyway so why bother.

I've thought I could randomise the path and name of
the  named pipe to make it harder to watch for by
doing something (?) like:

r=$(((RANDOM%(99))/2))
NPIPENAME=$(head -c $RANDOM /dev/random| uuencode -m -
| head -n 2 | tail -n 1| cut -c -$r )# also add a sed
filter for bad chars except / 

But a trojan/intruder could still watch for new pipes
some other way, no doubt.

Help! Any comments or suggestions?





		
__________________________________ 
Discover Yahoo! 
Use Yahoo! to plan a weekend, have fun online and more. Check it out! 
http://discover.yahoo.com/

-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/


[Index of Archives]     [Kernel]     [Linux Crypto]     [Gnu Crypto]     [Gnu Classpath]     [Netfilter]     [Bugtraq]
  Powered by Linux