Hi,
Passphrase is never stored on the device, rather like hash or virtual password derived
from passphrase is stored on the system or compared with stored value for authentication
with regards
Dr. Manickam, Ph.D., CISSP, BS7799
--- Zaven <zaven_at_sonic.net> wrote:
> David Heise wrote:
>
> > Here's my question:
> > What is the best method of storing this passphrase internally in the
> > application such that it would be as secure as possible?
>
> AFAIK, you can't store the passphrase anywhere securely. You should
> think in terms of requiring the user/other process/whatever to input the
> passphrase in to authenticate, and then storing only the hash digest.
>
> If anyone knows how (e.g., Apple Keychain Manager) manages to diaplat
> the plaintext of stored passwords, I'd like to know, because it makes me
> nervous :)
>
> Zaven
>
__________________________________
Celebrate Yahoo!'s 10th Birthday!
Yahoo! Netrospective: 100 Moments of the Web
http://birthday.yahoo.com/netrospective/
Received on Mar 04 2005
Intro
