Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

basics logo Security Basics mailing list archives

RE: Encryption Key Question
From: Alexander Klimov <alserkli () inbox ru>
Date: Wed, 2 Mar 2005 18:58:27 +0200 (IST)
On Mon, 28 Feb 2005, blind_chipmunk wrote:


one way to do it is to use the SID of the machine\user. the SID is a
unique identifier which created while installing the OS, and also
per user. MSN is using the SID to encrypt the address book of its
MSN client. until now, I've only seen a local attack on that
encryption (can only be decipher on that specific machine with that
specific user logged in).


This approach is as stupid as using your name (or SSN) as a password.
Key must be secret -- an identifier must be public.

IIUC your question, the best approach is to store the key in a
non-readable-by-others file.

-- 
Regards,
ASK

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]