RFBServer>>#encryptPassword: wipes the password that's passed in and I'm confused why that's ok.


Paul DeBruicker
If I load the RFB package from Lukas's site[1] (Pharo 1.4, recent enough
VM, Linux) and set the RFB server's fullPassword like this:

MyObject>>startRFB
        RFBServer current setFullPassword: self rfbPassword

MyObject>>rfbPassword
        ^'1234'


After that send, the source of rfbPassword shows '1234' but the bytecodes
show that it is '', and the apparently empty string is 8 bytes long, with
each character being (Character value: 0).


#setFullPassword: uses #atAllPut: to set the value of #rfbPassword to
(Character value: 0).

My concerns are these:

1. Using the current implementation it's impossible to stop and restart
the RFB server with a default password programmatically.

2. The implementation is not idempotent when starting/stopping.

3. I don't understand the security consequences of removing the part
where the password sent to #encryptPassword: is set to NULL characters.

Is wiping the values of the #rfbPassword method necessary for security
reasons?  I assume that setting the RFB server to only accept
connections from localhost and using X forwarding would take care of
most of the risk of having a string literal in the image.


Or should I be accessing a default RFB password from a source other
than a class-side method in the image?

Is there a standard practice for starting and stopping the RFB server in
Pharo 1.4 where the RFB server is up and down during the time the image
is up?


Thanks for any advice


Paul




1 - The change was from this package:  RFB-MiguelCoba.26.mcz from this
repo: http://source.lukas-renggli.ch/unsorted
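The mechanism behind the observation above, as an added example that is not part of the original post or of the RFB package: a method that does `^'1234'` returns the same String object from its literal frame on every send, so a callee that wipes its argument in place with `atAllPut:` zeroes that shared literal, and every later send returns the already-wiped string. The snippet stands in for `RFBServer>>setFullPassword:` with a block (`wipe`) and for `MyObject>>rfbPassword` with a block returning a literal (`passwordSource`); both names are assumptions for the demonstration, and the only other assumption is Pharo 1.4, where method literals are ordinary mutable Strings (recent Pharo versions mark literals read-only and would signal an error on the write instead). It needs no RFB package and can be evaluated in a Workspace.

```smalltalk
"Added example, not code from the original post or the RFB package.
 Demonstrates why wiping an argument in place clobbers the caller's
 compiled-method literal. Assumes Pharo 1.4 (mutable method literals)."
| wipe passwordSource first second |

"Stand-in for what RFBServer>>setFullPassword: does to its argument
 (per the post: #atAllPut: with Character value: 0)."
wipe := [:aString | aString atAllPut: (Character value: 0)].

"Stand-in for MyObject>>rfbPassword. Like a method body of ^'1234',
 the block answers the SAME literal String object on every evaluation."
passwordSource := [ '1234' ].

first := passwordSource value.
wipe value: first.                "what the first start of the server does"
second := passwordSource value.   "what the second start gets to see"

self assert: second == first.                "one object, shared via the literal frame"
self assert: second asByteArray = #[0 0 0 0]. "the literal itself is now all NULs"
self assert: second size = 4.                "atAllPut: keeps the size, so it prints as ''"

"Fix on the caller's side: hand over a throwaway copy, so the wipe can
 only reach the copy. In the post's code that is
     RFBServer current setFullPassword: self rfbPassword copy"
passwordSource := [ 'abcd' ].
wipe value: passwordSource value copy.
self assert: passwordSource value asByteArray = #[97 98 99 100]. "literal untouched"
```

Copying restores idempotent restarts, but it also means the wipe no longer protects anything: the plaintext stays in the method literal and, independently of any in-image wiping, in the image's .sources/.changes files where the method source is kept, so a literal password is recoverable from disk regardless.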


Re: RFBServer>>#encryptPassword: wipes the password that's passed in and I'm confused why that's ok.

Paul DeBruicker
On 03/12/2013 11:50 PM, Paul DeBruicker wrote:

> If I load the RFB package from Lukas's site[1] (Pharo 1.4, recent enough
> VM, Linux) and set the RFB server's fullPassword like this:
>
> MyObject>>startRFB
>         RFBServer current setFullPassword: self rfbPassword
>
> MyObject>>rfbPassword
>         ^'1234'
>
>
> After that send, the source of rfbPassword shows '1234' but the bytecodes
> show that it is '', and the apparently empty string is 8 bytes long, with
> each character being (Character value: 0).
>
>
> #setFullPassword: uses #atAllPut: to set the value of #rfbPassword to
> (Character value: 0).
>
> My concerns are these:
>
> 1. Using the current implementation it's impossible to stop and restart
> the RFB server with a default password programmatically.
>
> 2. The implementation is not idempotent when starting/stopping.
>
> 3. I don't understand the security consequences of removing the part
> where the password sent to #encryptPassword: is set to NULL characters.
>
> Is wiping the values of the #rfbPassword method necessary for security
> reasons?  I assume that setting the RFB server to only accept
> connections from localhost and using X forwarding would take care of
> most of the risk of having a string literal in the image.
>
>
> Or should I be accessing a default RFB password from a source other
> than a class-side method in the image?
>
> Is there a standard practice for starting and stopping the RFB server in
> Pharo 1.4 where the RFB server is up and down during the time the image
> is up?
>
>
> Thanks for any advice
>
>
> Paul
>
>
>
>
> 1 - The change was from this package:  RFB-MiguelCoba.26.mcz from this
> repo: http://source.lukas-renggli.ch/unsorted
>


Oh, and if you want to see what I'm talking about, load the latest from
Lukas's site and run this:


| pwd correctHash |
pwd := 'nintendo'.
"Hash that vncPassword should hold after every cycle if the setup were idempotent"
correctHash := #[223 3 196 119 26 39 155 190].
RFBServer current inspect.

3 timesRepeat: [
        RFBServer current
                initializePreferences;
                configureForMemoryConservation;
                allowEmptyPasswords: false;
                allowRemoteConnections: false;
                yourself.
        "Wipes pwd in place, so passes two and three hash eight NUL characters"
        RFBServer current setFullPassword: pwd.
        RFBServer current start: 1.
        RFBServer stop].
       

Then, in the inspector, check the value of the vncPassword inst var. The
first value of the array should be #[223 3 196 119 26 39 155 190] if it
were idempotent, but it is #[90 178 205 192 186 220 175 19], which is the
hash value for an 8-byte NULL character password.
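The same three start/stop cycles with the check done programmatically rather than in an inspector, as an added example that is not part of the original post or of the RFB package. It keeps the post's own calls (`initializePreferences`, `configureForMemoryConservation`, `allowEmptyPasswords:`, `allowRemoteConnections:`, `setFullPassword:`, `start:`, `RFBServer stop`) and passes `setFullPassword:` a copy each time so the wipe never reaches the caller's string. Assumptions: the RFB package from the post is loaded in Pharo 1.4; `vncPassword` is, as the post describes, an Array whose first element is the 8-byte hash, read here through `Object>>instVarNamed:`; and the two hash values are the ones the post reports for 'nintendo' and for eight NUL characters.

```smalltalk
"Added example, not code from the original post or the RFB package.
 Idempotent restart check: every cycle must hash the real password,
 and the caller's string must survive for the next restart.
 Assumes Pharo 1.4 with the RFB package loaded, and that vncPassword
 is an Array whose first element is the 8-byte hash (per the post)."
| pwd expectedHash nullHash hashes |
pwd := 'nintendo'.
expectedHash := #[223 3 196 119 26 39 155 190].   "hash of 'nintendo', per the post"
nullHash := #[90 178 205 192 186 220 175 19].     "hash of eight NULs, per the post"
hashes := OrderedCollection new.

3 timesRepeat: [
        RFBServer current
                initializePreferences;
                configureForMemoryConservation;
                allowEmptyPasswords: false;
                allowRemoteConnections: false.
        "Hand over a throwaway copy: the in-place wipe hits the copy, not pwd."
        RFBServer current setFullPassword: pwd copy.
        "Record what the server actually stored for this cycle
         (assumption: vncPassword is an Array, hash in the first slot)."
        hashes add: (RFBServer current instVarNamed: 'vncPassword') first copy.
        RFBServer current start: 1.
        RFBServer stop].

self assert: hashes size = 3.
"No cycle may have stored the hash of the wiped (all-NUL) string."
self assert: (hashes includes: nullHash) not.
"Every cycle stored the hash of the real password."
self assert: (hashes reject: [:each | each = expectedHash]) isEmpty.
"The caller's string is untouched, so the next startRFB works too."
self assert: pwd asByteArray = 'nintendo' asByteArray.
```

If the second assertion fails while the first cycle's entry is correct, the copy is not reaching `setFullPassword:` (for instance because an intermediate method passes the original along); if the last one fails, something else besides `setFullPassword:` is writing into the string. Note that restricting the server to localhost with `allowRemoteConnections: false` limits who can try the password, but does nothing about where the plaintext lives: with a literal in a method it is in the image, in the method literal, and in the .sources/.changes files on disk.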