<a href="http://g.adspeed.net/ad.php?do=clk&zid=14678&wd=728&ht=90&pair=as" target="_top"><img style="border:0px;" src="http://g.adspeed.net/ad.php?do=img&zid=14678&wd=728&ht=90&pair=as" alt="i" width="728" height="90"/></a>

Nmap Security Scanner

Docs
Security Lists

Full Disclosure

More
Security Tools

Packet crafters

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

edgeos

Security Basics: Re: Encryption Key Question

Re: Encryption Key Question

From: Zaven <zaven_at_sonic.net>
Date: Wed, 02 Mar 2005 21:20:57 -0800

David Heise wrote:

> Here's my question:
> What is the best method of storing this passphrase internally in the
> application such that it would be as secure as possible?

AFAIK, you can't store the passphrase anywhere securely. You should
think in terms of requiring the user/other process/whatever to input the
passphrase in to authenticate, and then storing only the hash digest.

If anyone knows how (e.g., Apple Keychain Manager) manages to diaplat
the plaintext of stored passwords, I'd like to know, because it makes me
nervous :)

Zaven
Received on Mar 03 2005

This message: [ Message body ]
Next message: David Glosser: "Re: securing linux webserver?"
Previous message: Nick Owen: "Re: PPTP VERY long & strong passwords - Strong enough ?"
In reply to: David Heise: "Encryption Key Question"
Next in thread: Simon Zuckerbraun: "RE: Encryption Key Question"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]