Re: Re: Questions on TroopMaster DotNet Security
On 26 May 2009, at 18:58, J. Scott Moncrief wrote:
> <snip>
>
> DotNet and PM seem to have several layers of protection:
> DotNet access protection
> Data Encryption
> Database Access protection
>
> -Scott
Scott,
Yes, but as best as I can tell, only a few of those layers are really
substantial.
- DotNet access protection. If encrypted FTP is used to exchange
passwords, then this is reasonably secure. If standard unencrypted
FTP is used, then a determined attacker will go through this without
any trouble at all.
- Data Encryption. As best as I can tell, this is the "bet the
farm" layer. If the data encryption holds, then nothing else
matters. If the data encryption doesn't hold, then game over,
attacker wins. This is why I'm particularly concerned about
TroopMaster password recovery - that looks to me like the greatest
weakness in the encryption layer.
- Database access protection. I'm not putting a lot of trust in
this layer, because anyone who's gotten this far has a full,
unencrypted copy of the database on their hard disk. There are
several ways to attack this - patching the TroopMaster executable to
bypass permissions checks, reverse-engineering the database format,
and possibly dumping the database contents out of RAM once they're
loaded. Worst of all, this is a crack-once-run-anywhere attack - once
you have a single patched copy of TroopMaster or once you've
reverse-engineered the file format, you can use that attack for any
TroopMaster data file. I trust the access protection to keep Scout
parents honest, but it's a speed bump for a serious attacker.
Yours in Scouting,
Zach Heaton