<a href="http://g.adspeed.net/ad.php?do=clk&zid=14678&wd=728&ht=90&pair=as" target="_top"><img style="border:0px;" src="http://g.adspeed.net/ad.php?do=img&zid=14678&wd=728&ht=90&pair=as" alt="i" width="728" height="90"/></a>

Nmap Security Scanner

Docs
Security Lists

Full Disclosure

More
Security Tools

Packet crafters

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

edgeos

Security Basics: RE: Encryption Key Question

RE: Encryption Key Question

From: Alexander Klimov <alserkli_at_inbox.ru>
Date: Wed, 2 Mar 2005 18:58:27 +0200 (IST)

On Mon, 28 Feb 2005, blind_chipmunk wrote:

> one way to do it is to use the SID of the machine\user. the SID is a
> unique identifier which created while installing the OS, and also
> per user. MSN is using the SID to encrypt the address book of its
> MSN client. until now, I've only seen a local attack on that
> encryption (can only be decipher on that specific machine with that
> specific user logged in).

This approach is as stupid as using your name (or SSN) as a password.
Key must be secret -- an identifier must be public.

IIUC your question, the best approach is to store the key in a
non-readable-by-others file.

-- 
Regards,
ASK

Received on Mar 02 2005

This message: [ Message body ]
Next message: Nick Owen: "Re: PPTP VERY long & strong passwords - Strong enough ?"
Previous message: Kelly Martin: "SF new article announcement: Apache 2 with SSL/TLS: Step-by-Step, Part 3"
In reply to: blind_chipmunk: "RE: Encryption Key Question"
Next in thread: Zaven: "Re: Encryption Key Question"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]