|
Security Basics
mailing list archives
Re: Encryption Key Question
From: "Dr. S. A. Vetha Manickam" <avmanickam () yahoo com>
Date: Fri, 4 Mar 2005 04:39:48 -0800 (PST)
Hi,
Passphrase is never stored on the device, rather like hash or virtual password derived
from passphrase is stored on the system or compared with stored value for authentication
with regards
Dr. Manickam, Ph.D., CISSP, BS7799
--- Zaven <zaven () sonic net> wrote:
David Heise wrote:
Here's my question:
What is the best method of storing this passphrase internally in the
application such that it would be as secure as possible?
AFAIK, you can't store the passphrase anywhere securely. You should
think in terms of requiring the user/other process/whatever to input the
passphrase in to authenticate, and then storing only the hash digest.
If anyone knows how (e.g., Apple Keychain Manager) manages to diaplat
the plaintext of stored passwords, I'd like to know, because it makes me
nervous :)
Zaven
__________________________________
Celebrate Yahoo!'s 10th Birthday!
Yahoo! Netrospective: 100 Moments of the Web
http://birthday.yahoo.com/netrospective/
 By Date 
By Thread
Current thread:
- RE: Encryption Key Question, (continued)
|
Intro
