Closed mpnordland closed 7 years ago
The public key crypto available wouldn't be secure for a file larger than the key.
Umm... why do you think that? Assuming the public key crypto is done correctly, it's perfectly secure. It might be slightly less secure than symmetric crypto, but both are practically impossible to crack with a significantly large key size (1024 bits).
So let me get this straight. This PR's process is:
Why? I'm pretty sure the existing public key system is fine by itself.
The reddit bot itself looks good to me. Still really confused about the extra crypto though.
@PlasmaPower I saw in this issue that it would only work for ~200 bytes https://github.com/chaosbot/Chaos/issues/180 . Without revealing too much, I believed I would be over that amount, therefore I followed the recommendation in that comment. The cryptography library's Fernet Class used AES to encrypt, plus was easy to use so I went with that.
Oh I thought the crypto library would automatically split it into blocks. I might be wrong. I'm also surprised the secret is more than 200 bytes, but that's fine.
Downvoting because
1) reddit code and encryption code are not separated into two separate PRs (why combine them?)
2) you don't need encryption for the config, you need the sysadmin to put the redditbot config file in a directory outside the chaos repository
@anythingbot no encryption is used here so the author doesn't have to contact the sysadmin. We'd prefer to keep this project self-maintaining.
@PlasmaPower re: the need for encryption to store the config file
If the bot auto-generates a reddit password, then it can combine a redditbot template config file with the auto-generated password and stick the result in a file that is in .gitignore.
I don't think encryption is actually needed here if the bot generates the password and keeps it hidden.
I don't think encryption makes this more secure: either one of us will have the private key, or else the bot will have to create a private key and keep it hidden (in either case, either the reddit config or the private key will have to be kept hidden somehow).
Problem: how will the bot inform Reddit of this new password?
---- On Sat, 03 Jun 2017 12:40:26 -0400 notifications@github.com wrote ----
@PlasmaPower re: the need for encryption to store the config file
If the bot auto-generates a reddit password, then it can combine a redditbot template config file with the auto-generated password and stick he result in a file that is in .gitignore.
I don't think encryption is actually needed here if the bot generates the password and keeps it hidden.
I don't think encryption makes this more secure: either one of us will have the private key, or else the bot will have to create a private key and keep it hidden (in either case, either the reddit config or the private key will have to be kept hidden somehow).
— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub, or mute the thread.
@anythingbot then the bot would have to create the account too, which is (for obvious reasons) not supported by the API, and requires solving a captcha.
@mpnordland exactly
@PlasmaPower @mpnordland If all you want is a way for the bot to know the correct password without checking it into git, then you can put up a /redditbotconfig webpage that lets a web visitor submit the reddit password over HTTP (I know, this isn't secure against an attacker listening to TCP packets, but it is more secure than checking the reddit password into git and publishing it on github). The bot will check that the password works and remember it (store the password in a file whose name appears in .gitignore). After this is done, the bot disables the /redditbotconfig web page since it won't be used again.
This only has to be done once, since the bot will have the password in a local file and won't put up the /redditbotconfig page if this file exists.
If you want even more protection (against an attacker listening to TCP packets) then you can have the bot generate a pair of asymmetric encryption keys, put the private key in a file in .gitignore, publish the public key in the /redditbotconfig page, and ask the user to encrypt the reddit password with the public key before submitting it.
And I thought my solution was complicated. Are sure you're not trolling?
---- On Sat, 03 Jun 2017 12:58:19 -0400 notifications@github.com wrote ----
@PlasmaPower @mpnordland If all you want is a way for the bot to know the correct password without checking it into git, then you can put up a /redditbotconfig webpage that lets a web visitor submit the reddit password over HTTP (I know, this isn't secure against an attacker listening to TCP packets, but it is more secure than checking the reddit password into git and publishing it on github). The bot will check that the password works and remember it (store the password in a file whose name appears in .gitignore). After this is done, the bot disables the /redditbotconfig web page since it won't be used again.
This only has to be done once, since the bot will have the password in a local file and won't put up the /redditbotconfig page if this file exists.
If you want even more protection (against an attacker listening to TCP packets) then you can have the bot generate a pair of asymmetric encryption keys, put the private key in a file in .gitignore, publish the public key in the /redditbotconfig page, and ask the user to encrypt the reddit password with the public key before submitting it.
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub, or mute the thread.
I always wonder with anythingbot.
I mean... It would technically work...
So would the solution we have in front of us, already implemented.
If you want even more protection (against an attacker listening to TCP packets) then you can have the bot generate a pair of asymmetric encryption keys, put the private key in a file in .gitignore, publish the public key in the /redditbotconfig page, and ask the user to encrypt the reddit password with the public key before submitting it.
But... we already have a keypair specifically for this...?
@PlasmaPower
@md678685 right you are
upvoting this now
:warning: This PR has reached its extended voting window, but it does not have a positive meritocracy review.
Please review: @rudehn @chaosbot @xyproto @andrewda @eukaryote31 @muchzer @phil-r @hongaar @md678685 @rhengles @amoffat @ad-m @viktorsec @plasmapower @smittyvb
:no_entry: PR rejected with a vote of 8 for and 3 against, a weighted total of 5.0 and a threshold of 6.5, and a current meritocracy review.
Open a new PR to restart voting.
Reopen this PR with an explanation of the encryption and it might pass.
This is an omnibus pr. I needed proper file encryption for the redditbot config file.
The Reddit Bot
Watches for comments in /r/chaosthebot with the text "hey chaosbot" and replies with "Hey!" Should only respond once, if it responds twice, pm /u/mpnordland.
Symmetric Key Encryption
The public key crypto available wouldn't be secure for a file larger than the key. So, I introduce a symmetric key management and file encryption system. I have also modified encryption.py to allow for encrypting things as well. Using the KeyManager class from symmetric_keys.py, you can transparently handle encrypted keys from symmetric_keys.json. KeyManager handles the public key crypto for encrypting and decrypting the symmetric keys. encrypt_config_file.py uses KeyManager to encrypt the file of your choosing with a freshly generated symmetric key. The new key is then encrypted with the server's pubkey and stored under a name of your choosing in symmetric_keys.json.