empty variable


empty variable

Stephen Barncard via use-livecode
What if I have secure info like a password stored
in a local variable and then I clear that info by
putting empty into that local variable.

How secure is that procedure?  I understand a
local variable does not retain the info after the
code finishes but I am concerned about any
info left in memory.

In the c language to clear the memory you set
all of the blocks to null.  That is because it is
more secure than doing something like putting
empty into the variable.

So the question is when I put empty into a local
variable I know when you access that variable it
will return empty but if it has not been set to null
then is it possible for someone to read the blocks
of memory and get anything back.  In c if you set
all of the blocks to null and not just the first block
then you have eliminated the chance of someone
recovering the info.  Is there a secure way to clear
a variable in Livecode?

JB


_______________________________________________
use-livecode mailing list
[hidden email]
Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode

Re: empty variable

Stephen Barncard via use-livecode
A memory dump can reveal everything stored in memory for a particular
process.

the delete variable command is what you are looking for.

https://livecode.fandom.com/wiki/Delete_variable



On Fri, Jan 3, 2020 at 1:22 PM JB via use-livecode <
[hidden email]> wrote:

> What if I have secure info like a password stored
> in a local variable and then I clear that info by
> putting empty into that local variable.
>
> How secure is that procedure?  I understand a
> local variable does not retain the info after the
> code finishes but I am concerned about any
> info left in memory.
>
> In the c language to clear the memory you set
> all of the blocks to null.  That is because it is
> more secure than doing something like putting
> empty into the variable.
>
> So the question is when I put empty into a local
> variable I know when you access that variable it
> will return empty but if it has not been set to null
> then is it possible for someone to read the blocks
> of memory and get anything back.  In c if you set
> all of the blocks to null and not just the first block
> then you have eliminated the chance of someone
> recovering the info.  Is there a secure way to clear
> a variable in Livecode?
>
> JB


--
Tom Glod
Founder & Developer
MakeShyft R.D.A (www.makeshyft.com)
Office:226-706-9339
Mobile:226-706-9793

Re: empty variable

Stephen Barncard via use-livecode
Hi Tom,

Thanks for the fast reply & info!

That was an interesting link.  Here are a
few lines from the link,

----------
The delete variable command not only removes the contents of the variable, but deletes it entirely from memory. If you delete a key from an array variable, that element of the array no longer exists as part of the variable.

Local variables that are used within a handler are automatically deleted when the handler in which they are used exits.

You can't delete local or global variables, using delete you just put the value empty in them.
----------

So it sounds to me from the last line above that putting empty into the variable is secure.

JB


> On Jan 3, 2020, at 10:55 AM, Tom Glod via use-livecode <[hidden email]> wrote:
>
> A memory dump can reveal everything stored in memory for a particular
> process.
>
> the delete variable command is what you are looking for.
>
> https://livecode.fandom.com/wiki/Delete_variable
>
>
>
> On Fri, Jan 3, 2020 at 1:22 PM JB via use-livecode <
> [hidden email]> wrote:
>
>> What if I have secure info like a password stored
>> in a local variable and then I clear that info by
>> putting empty into that local variable.
>>
>> How secure is that procedure?  I understand a
>> local variable does not retain the info after the
>> code finishes but I am concerned about any
>> info left in memory.
>>
>> In the c language to clear the memory you set
>> all of the blocks to null.  That is because it is
>> more secure than doing something like putting
>> empty into the variable.
>>
>> So the question is when I put empty into a local
>> variable I know when you access that variable it
>> will return empty but if it has not been set to null
>> then is it possible for someone to read the blocks
>> of memory and get anything back.  In c if you set
>> all of the blocks to null and not just the first block
>> then you have eliminated the chance of someone
>> recovering the info.  Is there a secure way to clear
>> a variable in Livecode?
>>
>> JB
>
>
> --
> Tom Glod
> Founder & Developer
> MakeShyft R.D.A (www.makeshyft.com)
> Office:226-706-9339
> Mobile:226-706-9793

Re: empty variable

Stephen Barncard via use-livecode
I'm not sure what this means. When you use delete variable on a script local, it clears the contents of the variable, but the variable still exists, that is if you can use the Script Editor variable watcher as any kind of irrefutable evidence.

Bob S


> On Jan 3, 2020, at 11:04 , JB via use-livecode <[hidden email]> wrote:
>
> You can't delete local or global variables, using delete you just put the value empty in them.
> ----------
>
> So it sounds to me from the last line above that putting empty into the variable is secure.
>
> JB



Re: empty variable

Stephen Barncard via use-livecode
Hi Bob,

yeah,  I am not sure exactly what it means either.
Different ways of doing the same thing?

JB


> On Jan 3, 2020, at 11:09 AM, Bob Sneidar via use-livecode <[hidden email]> wrote:
>
> I'm not sure what this means. When you use delete variable on a script local, it clears the contents of the variable, but the variable still exists, that is if you can use the Script Editor variable watcher as any kind of irrefutable evidence.
>
> Bob S
>
>
>> On Jan 3, 2020, at 11:04 , JB via use-livecode <[hidden email]> wrote:
>>
>> You can't delete local or global variables, using delete you just put the value empty in them.
>> ----------
>>
>> So it sounds to me from the last line above that putting empty into the variable is secure.
>>
>> JB

Re: empty variable

Stephen Barncard via use-livecode
I think a memory dump and search of the contents is about the only thing you can do to be sure.

Bob S


> On Jan 3, 2020, at 11:11 , JB via use-livecode <[hidden email]> wrote:
>
> Hi Bob,
>
> yeah,  I am not sure exactly what it means either.
> Different ways of doing the same thing?
>
> JB



Re: empty variable

Stephen Barncard via use-livecode
Is there an easy way to do a memory dump in Livecode?
Can I read the blocks of only memory for that variable?
In c the blocks are an array numbered from 0 to the size
of the variable which would be the length of the variable
in Livecode and you can access individual blocks and
that is how you write a null character to each block.

If you need to dump all of the memory on your machine
that might help but it would be better to dump only the
memory you want to look at.

Another thing to consider about dumping the memory is
the results are not always predictable.  If you did not write
a null character to each block of that memory when you
dump the memory it may not show up one time but will
be there in another dump.  That is why in c if you want
to put empty into a variable you can set the first block
to null and when you check the variable it will be empty
but in a memory dump the memory may be empty and
it may have some or all of the info in that block range
except the first block which is the one you set to null.
So the secure method you use bzero or a similar way
to set every block to null.

JB


> On Jan 3, 2020, at 11:15 AM, Bob Sneidar via use-livecode <[hidden email]> wrote:
>
> I think a memory dump and search of the contents is about the only thing you can do to be sure.
>
> Bob S
>
>
>> On Jan 3, 2020, at 11:11 , JB via use-livecode <[hidden email]> wrote:
>>
>> Hi Bob,
>>
>> yeah,  I am not sure exactly what it means either.
>> Different ways of doing the same thing?
>>
>> JB
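
Added example (not from any poster in this thread): the C behaviour discussed above, where setting only the first byte to null makes the string read as empty while the remaining bytes stay in memory, compared with overwriting every byte as bzero does. The buffer, the sample secret and all function names are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample secret, for illustration only. */
#define SAMPLE_SECRET "hunter2-constructed"

/* "Logical" clear: the string now reads as empty, but only byte 0 changed. */
static void clear_first_byte(char *buf)
{
    buf[0] = '\0';
}

/* Full wipe: overwrite every byte of the buffer. Writing through a volatile
 * pointer keeps the compiler from discarding the stores as dead code when
 * the buffer is never read again before it goes out of scope. */
static void wipe_all(void *buf, size_t len)
{
    volatile unsigned char *p = buf;
    while (len--)
        *p++ = 0;
}

/* Count the non-zero bytes left in the buffer, i.e. what a memory dump of
 * this region would still show. */
static size_t residual_bytes(const char *buf, size_t len)
{
    size_t n = 0;
    for (size_t i = 0; i < len; i++)
        if (buf[i] != 0)
            n++;
    return n;
}

/* Returns 1 if the variable "looks empty" to normal string code after only
 * the first byte was cleared. */
int reads_empty_after_first_byte_clear(void)
{
    char buf[32] = {0};
    strcpy(buf, SAMPLE_SECRET);
    clear_first_byte(buf);
    return strlen(buf) == 0;
}

/* Bytes of the secret still present after clearing only the first byte. */
size_t residual_after_first_byte_clear(void)
{
    char buf[32] = {0};
    strcpy(buf, SAMPLE_SECRET);
    clear_first_byte(buf);
    return residual_bytes(buf, sizeof buf);
}

/* Bytes of the secret still present after overwriting the whole buffer. */
size_t residual_after_full_wipe(void)
{
    char buf[32] = {0};
    strcpy(buf, SAMPLE_SECRET);
    wipe_all(buf, sizeof buf);
    return residual_bytes(buf, sizeof buf);
}

int main(void)
{
    printf("reads as empty after first-byte clear: %d\n",
           reads_empty_after_first_byte_clear());
    printf("secret bytes left after first-byte clear: %zu\n",
           residual_after_first_byte_clear());
    printf("secret bytes left after full wipe: %zu\n",
           residual_after_full_wipe());
    return 0;
}
```

Where the platform provides explicit_bzero or memset_s, those serve the same purpose as wipe_all here.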

Re: empty variable

Stephen Barncard via use-livecode
I have it figured out.

You use it to delete each element of the array and
that is the same as writing null to each element of
the variable.

I think they mean if you do not delete each element
using this method all you are doing is putting empty
into the variable and that would be the same as if
you only write a null to the first element of the array.

In other words putting empty into the variable is not
secure.

JB

> On Jan 3, 2020, at 11:15 AM, Bob Sneidar via use-livecode <[hidden email]> wrote:
>
> I think a memory dump and search of the contents is about the only thing you can do to be sure.
>
> Bob S
>
>
>> On Jan 3, 2020, at 11:11 , JB via use-livecode <[hidden email]> wrote:
>>
>> Hi Bob,
>>
>> yeah,  I am not sure exactly what it means either.
>> Different ways of doing the same thing?
>>
>> JB

Re: empty variable

Stephen Barncard via use-livecode
Well it's really about what is going on under the hood. Memory dump for Macs is not trivial from what I read. Apparently it involves turning off system integrity and then booting into a special mode. At that point I stopped reading. Not something I care to do with a production system.

Bob S
 

> On Jan 3, 2020, at 11:58 , JB via use-livecode <[hidden email]> wrote:
>
> I have it figured out.
>
> You use it to delete each element of the array and
> that is the same as writing null to each element of
> the variable.
>
> I think they mean if you do not delete each element
> using this method all you are doing is putting empty
> into the variable and that would be the same as if
> you only write a null to the first element of the array.
>
> In other words putting empty into the variable is not
> secure.
>
> JB



Re: empty variable

Stephen Barncard via use-livecode
I was going to say also that unless the script was in a protected stack, it WOULD be very trivial to install Livecode, put a breakpoint just before where you delete the variable, then do a memory dump at that point.

Bob S


> On Jan 3, 2020, at 12:58 , Bob Sneidar via use-livecode <[hidden email]> wrote:
>
> Well it's really about what is going on under the hood. Memory dump for Macs is not trivial from what I read. Apparently it involves turning off system integrity and then booting into a special mode. At that point I stopped reading. Not something I care to do with a production system.
>
> Bob S
>
>
>> On Jan 3, 2020, at 11:58 , JB via use-livecode <[hidden email]> wrote:
>>
>> I have it figured out.
>>
>> You use it to delete each element of the array and
>> that is the same as writing null to each element of
>> the variable.
>>
>> I think they mean if you do not delete each element
>> using this method all you are doing is putting empty
>> into the variable and that would be the same as if
>> you only write a null to the first element of the array.
>>
>> In other words putting empty into the variable is not
>> secure.
>>
>> JB

Re: empty variable

Stephen Barncard via use-livecode
It seems I really do not need to worry too much because
if I understood it correctly the memory of the variable at
the end of the execution of that code is not only released
but it is also deleted.  Since the variable I am concerned
about is used at the end of the code it does not exist after
I use it because the code is finished and the memory is
automatically freed and deleted.

JB


> On Jan 3, 2020, at 12:58 PM, Bob Sneidar via use-livecode <[hidden email]> wrote:
>
> Well it's really about what is going on under the hood. Memory dump for Macs is not trivial from what I read. Apparently it involves turning off system integrity and then booting into a special mode. At that point I stopped reading. Not something I care to do with a production system.
>
> Bob S
>
>
>> On Jan 3, 2020, at 11:58 , JB via use-livecode <[hidden email]> wrote:
>>
>> I have it figured out.
>>
>> You use it to delete each element of the array and
>> that is the same as writing null to each element of
>> the variable.
>>
>> I think they mean if you do not delete each element
>> using this method all you are doing is putting empty
>> into the variable and that would be the same as if
>> you only write a null to the first element of the array.
>>
>> In other words putting empty into the variable is not
>> secure.
>>
>> JB

Re: empty variable

Stephen Barncard via use-livecode
How does the password come into the variable?

--
  Richard Gaskin
  Fourth World Systems

JB wrote:

> What if I have secure info like a password stored
> in a local variable and then I clear that info by
> putting empty into that local variable.
>
> How secure is that procedure?  I understand a
> local variable does not retain the info after the
> code finishes but I am concerned about any
> info left in memory.
>
> In the c language to clear the memory you set
> all of the blocks to null.  That is because it is
> more secure than doing something like putting
> empty into the variable.
>
> So the question is when I put empty into a local
> variable I know when you access that variable it
> will return empty but if it has not been set to null
> then is it possible for someone to read the blocks
> of memory and get anything back.  In c if you set
> all of the blocks to null and not just the first block
> then you have eliminated the chance of someone
> recovering the info.  Is there a secure way to clear
> a variable in Livecode?
>
> JB


Re: empty variable

Stephen Barncard via use-livecode
That is a very interesting question!

If the user enters the password or did I hardcode a password
so what follows can only be executed if it included the text I
put into the variable.

I am in this case hardcoding it in myself.  This could be text
that is encrypted but it is still there even before it is put into
the variable and that means it is in memory.

Any suggestions to make it as secure as possible?

JB


> On Jan 3, 2020, at 1:29 PM, Richard Gaskin via use-livecode <[hidden email]> wrote:
>
> How does the password come into the variable?
>
> --
> Richard Gaskin
> Fourth World Systems
>
> JB wrote:
>> What if I have secure info like a password stored
>> in a local variable and then I clear that info by
>> putting empty into that local variable.
>> How secure is that procedure?  I understand a
>> local variable does not retain the info after the
>> code finishes but I am concerned about any
>> info left in memory.
>> In the c language to clear the memory you set
>> all of the blocks to null.  That is because it is
>> more secure than doing something like putting
>> empty into the variable.
>> So the question is when I put empty into a local
>> variable I know when you access that variable it
>> will return empty but if it has not been set to null
>> then is it possible for someone to read the blocks
>> of memory and get anything back.  In c if you set
>> all of the blocks to null and not just the first block
>> then you have eliminated the chance of someone
>> recovering the info.  Is there a secure way to clear
>> a variable in Livecode?
>> JB

Re: empty variable

Stephen Barncard via use-livecode
Inputs often pose a bigger risk than core dumps.

Where you ask:
"Any suggestions to make it as secure as possible?"

...we might instead ask:
"Any suggestions to make it as secure as *practical*?"

...or even:
"Any suggestions to make it as secure as *cost-effective*?"

There are always ways to make things more secure. The hard part is
defining an appropriate level of effort relative to the importance of
the secret.

Consider this scale of 1 to 5, in terms of how hard people work to keep
things secret:

1. My app's reg code
2. A user-defined password
3. A user's social security number
4. Nuclear secrets
5. Trump's tax returns

If it's #1 I wouldn't spend more than half an hour thinking about it,
for so many reasons covered in this list before.

#2 is worth spending some time on, but better hashed than encrypted.

#3 or above will require an understanding of the system to provide
useful guidance.

--
  Richard Gaskin
  Fourth World Systems


JB wrote:

> That is a very interesting question!
>
> If the user enters the password or did I hardcode a password
> so what follows can only be executed if it included the text I
> put into the variable.
>
> I am in this case hardcoding it in myself.  This could be text
> that is encrypted but it is still there even before it is put into
> the variable and that means it is in memory.
>
> Any suggestions to make it as secure as possible?
>
> JB
>
>
>> On Jan 3, 2020, at 1:29 PM, Richard Gaskin via use-livecode <use-livecode at lists.runrev.com> wrote:
>>
>> How does the password come into the variable?
>>
>> --
>> Richard Gaskin
>> Fourth World Systems
>>
>> JB wrote:
>>> What if I have secure info like a password stored
>>> in a local variable and then I clear that info by
>>> putting empty into that local variable.
>>> How secure is that procedure?  I understand a
>>> local variable does not retain the info after the
>>> code finishes but I am concerned about any
>>> info left in memory.
>>> In the c language to clear the memory you set
>>> all of the blocks to null.  That is because it is
>>> more secure than doing something like putting
>>> empty into the variable.
>>> So the question is when I put empty into a local
>>> variable I know when you access that variable it
>>> will return empty but if it has not been set to null
>>> then is it possible for someone to read the blocks
>>> of memory and get anything back.  In c if you set
>>> all of the blocks to null and not just the first block
>>> then you have eliminated the chance of someone
>>> recovering the info.  Is there a secure way to clear
>>> a variable in Livecode?
>>> JB
>>



Re: empty variable

Stephen Barncard via use-livecode
I agree. It's easy to imagine that one can achieve absolute security, but in practice it is impossible by nature. Just someone standing over your shoulder or putting a spy camera in place is all that would be needed. The idea then is to make it as difficult and impractical as possible given the resources you have.

Bob S


> On Jan 3, 2020, at 13:59 , Richard Gaskin via use-livecode <[hidden email]> wrote:
>
> Inputs often pose a bigger risk than core dumps.
>
> Where you ask:
> "Any suggestions to make it as secure as possible?"
>
> ...we might instead ask:
> "Any suggestions to make it as secure as *practical*?"
>
> ...or even:
> "Any suggestions to make it as secure as *cost-effective*?"
>
> There are always ways to make things more secure. The hard part is defining an appropriate level of effort relative to the importance of the secret.
>
> Consider this scale of 1 to 5, in terms of how hard people work to keep things secret:
>
> 1. My app's reg code
> 2. A user-defined password
> 3. A user's social security number
> 4. Nuclear secrets
> 5. Trump's tax returns
>
> If it's #1 I wouldn't spend more than half an hour thinking about it, for so many reasons covered in this list before.
>
> #2 is worth spending some time on, but better hashed than encrypted.
>
> #3 or above will require an understanding of the system to provide useful guidance.
>
> --
> Richard Gaskin
> Fourth World Systems



Re: empty variable

Stephen Barncard via use-livecode
One of the problems with #3 and above is the people who
want your code will probably spend more money and time
figuring out a way to steal the uncompiled code than they
would spend trying to hack the code.

And they most likely have a lot of corrupt connections and
money to spend.

JB


> On Jan 6, 2020, at 7:52 AM, Bob Sneidar via use-livecode <[hidden email]> wrote:
>
> I agree. It's easy to imagine that one can achieve absolute security, but in practice it is impossible by nature. Just someone standing over your shoulder or putting a spy camera in place is all that would be needed. The idea then is to make it as difficult and impractical as possible given the resources you have.
>
> Bob S
>
>
>> On Jan 3, 2020, at 13:59 , Richard Gaskin via use-livecode <[hidden email]> wrote:
>>
>> Inputs often pose a bigger risk than core dumps.
>>
>> Where you ask:
>> "Any suggestions to make it as secure as possible?"
>>
>> ...we might instead ask:
>> "Any suggestions to make it as secure as *practical*?"
>>
>> ...or even:
>> "Any suggestions to make it as secure as *cost-effective*?"
>>
>> There are always ways to make things more secure. The hard part is defining an appropriate level of effort relative to the importance of the secret.
>>
>> Consider this scale of 1 to 5, in terms of how hard people work to keep things secret:
>>
>> 1. My app's reg code
>> 2. A user-defined password
>> 3. A user's social security number
>> 4. Nuclear secrets
>> 5. Trump's tax returns
>>
>> If it's #1 I wouldn't spend more than half an hour thinking about it, for so many reasons covered in this list before.
>>
>> #2 is worth spending some time on, but better hashed than encrypted.
>>
>> #3 or above will require an understanding of the system to provide useful guidance.
>>
>> --
>> Richard Gaskin
>> Fourth World Systems