Re: Secure communication between two VB6 programs




"Mike Meyer" <x@xxxxx> wrote in message news:yahAe.3223$5R1.2401@xxxxxxxxxxx
> Larry Serflaten wrote:
> > Isn't encryption going to do it for you?
> >
> > See: http://msdn.microsoft.com/msdnmag/issues/04/11/CryptoUtility/default.aspx
>
> I am not so much worried that a rogue program can see the data passed
> between the two programs. I want to protect against data replay attacks
> and program impersonation.
>
> An example of what I am trying to accomplish:
> There is a system file in %windir%. The ACL on it is:
> Everyone=Read Only
> Administrators=Full Access
> System=Full Access
>
> My GUI (run as a normal, unprivileged user) will allow this file to be
> edited by sending a command to the service, such as "Delete all lines
> containing 'SomeString'" or "Append a line containing 'SomeOtherString'"
>
> However, I don't want some other program to be able to send that same
> command to the service. I also don't want some other program to be able
> to replay that same command at a later time. Since the source code of
> the unprivileged program will be available, the service will also have
> to be able to resist attack from a modified EXE. I understand that if
> the service is modified, it's game over. But to change the service, the
> user needs to be logged in as a privileged account.
>
> I almost certainly will require some kind of encryption, be it a hash,
> signature, secure channel, or whatnot. The problem is that I'm not
> familiar enough with crypto to just take the ball and run with it. I'd
> benefit most from looking at an already-implemented example. Most
> secure communications examples I've seen are meant for secure Internet
> communication. My situation is different--I need to authenticate a
> channel between two programs on the same PC, and the listening end needs
> to verify that the sending end is legit.
>
> It seems to me that this must be a common programming problem, and there
> must be a common solution. I'd rather not re-invent the wheel.
>
> Mike