Some time ago a bold gentleman by the name of “anon” edited the What sucks page on Hatta’s main wiki, and added a strange line in there:
This is a very silly way of making a feature request – I have no idea what that is supposed to mean. I just can’t imagine a way that “encryption” of any sort could be added to an open wiki like Hatta and be useful in any way. So I made it a link to a feature request on the bug tracker with a question about what it is supposed to mean.
As could be expected, this was a typical “ask and run” feature request. The guy just added his first vague thought to a list and never ever came back. I will give him some more time and close the ticket as “wontfix”, removing his comment from the page. No problem, if you don’t care about your feature requests, why should I?
But the silliness doesn’t end here. Now Bitbucket is getting pestered about introducing “encryption”. First there was a question on the IRC channel, but nobody managed to answer within the 2-minute attention span of the asker. Now on the mailing list. The guy got a detailed answer about how the Bitbucket infrastructure is secured against code theft, but he keeps on insisting on adding encryption somehow somewhere, not understanding that it is not going to change anything. As it usually happens, his ignorance is coupled with stubbornness and hostility. Sigh.
So I’m writing this post mostly to vent. I don’t think that it will help any of the people I mentioned (or maybe it’s a single person?), because it’s too long for a 2-minute attention span, but perhaps it will clear up some matters about web applications.
In short, a web application runs (mostly) on the server, under complete control of the system administrators who have access to that server. If that application needs access to any data (for example to display the contents of your wiki, or contents of your repository), it needs to read that data on the server. That in turn means that if the data is encrypted, the application needs to decrypt it on the server. Anybody who has root privileges on that server also has access to the decrypted data through many means. It doesn’t help if you provide the decryption key every time you use the application and the application doesn’t save it anywhere. The application can be modified by the attacker to save the key, for example. Or to save the decrypted data. Or the decrypted data can be taken from the application’s memory. Or from different levels of caches. Whatever the application does to obtain the key and decrypt the data, the attacker can do exactly the same thing, if he is determined enough. Once you have a malicious person with root privileges or physical access to the machine, it’s a lost fight. That’s why they do so much to not let that happen.
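The argument above as a small model, added here as an illustration (it is not code from Hatta or Bitbucket): a web application that gets the key on every request and never stores it still passes key and plaintext through the server's memory, while a host that only stores client-encrypted blobs sees neither, but then it cannot display the page, which is the whole job of a wiki. It goes one step beyond the text by including that second host for contrast. All names (`Host`, `save_page`, `view_page`, `store_blob`, `fetch_blob`, `compare`) are hypothetical, and `toy_cipher` is a toy stand-in for a real cipher.

```python
import hashlib
import os

def toy_cipher(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR with a SHA-256 counter keystream. Toy stand-in for a real cipher."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + i.to_bytes(8, "big")).digest()
        out += bytes(x ^ y for x, y in zip(data[i:i + 32], pad))
    return bytes(out)

class Host:
    """A server. `in_memory` collects every bytes value that entered or left
    code running on it, i.e. what someone with root on that machine can reach."""
    def __init__(self):
        self.disk = {}
        self.in_memory = set()

    def runs(self, fn):
        def wrapper(*args):
            result = fn(self.disk, *args)
            self.in_memory.update(v for v in (*args, result) if isinstance(v, bytes))
            return result
        return wrapper

# Web application: the key arrives with every request and is never stored.
def save_page(disk, name, key, text):
    nonce = os.urandom(16)
    disk[name] = nonce + toy_cipher(key, nonce, text)

def view_page(disk, name, key):
    blob = disk[name]
    return toy_cipher(key, blob[:16], blob[16:])

# Blob store: the client encrypts and decrypts; the server cannot render anything.
def store_blob(disk, name, blob):
    disk[name] = blob

def fetch_blob(disk, name):
    return disk[name]

def compare(key: bytes, text: bytes) -> dict:
    web, store = Host(), Host()
    web.runs(save_page)("Home", key, text)
    shown = web.runs(view_page)("Home", key)
    nonce = os.urandom(16)
    store.runs(store_blob)("Home", nonce + toy_cipher(key, nonce, text))
    blob = store.runs(fetch_blob)("Home")
    local = toy_cipher(key, blob[:16], blob[16:])
    return {"round_trip": shown == text and local == text,
            "at_rest_encrypted": text not in web.disk["Home"],
            "web_host_sees": (key in web.in_memory, text in web.in_memory),
            "blob_host_sees": (key in store.in_memory, text in store.in_memory)}
```

Note that `at_rest_encrypted` is true for the web application as well: the disk holds only ciphertext, yet the host still handled the key and the plaintext.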
Then again, if you believe that the source code that you have written in the last month or so is so innovative, revolutionary and precious that there are people willing to go through all the trouble with breaking into that server just to get it – and at the same time you don’t understand the basics of how encryption works – then you need professional help. But don’t seek it on the Internet, you are not going to get it there.