Security Basics: Re: Encryption Key Question

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Security Basics mailing list archives

Re: Encryption Key Question

From: Zaven <zaven () sonic net>
Date: Wed, 02 Mar 2005 21:20:57 -0800

David Heise wrote:

Here's my question:
What is the best method of storing this passphrase internally in the
application such that it would be as secure as possible?

AFAIK, you can't store the passphrase anywhere securely. You shouldthink in terms of requiring the user/other process/whatever to input thepassphrase in to authenticate, and then storing only the hash digest.

If anyone knows how (e.g., Apple Keychain Manager) manages to diaplatthe plaintext of stored passwords, I'd like to know, because it makes menervous :)


Zaven

By Date By Thread

Current thread:

Encryption Key Question David Heise (Feb 28)
- RE: Encryption Key Question David Gillett (Feb 28)
  - Re: Encryption Key Question David Heise (Feb 28)
    - RE: Encryption Key Question blind_chipmunk (Mar 01)
    - RE: Encryption Key Question Alexander Klimov (Mar 02)
- Re: Encryption Key Question Zaven (Mar 03)
- <Possible follow-ups>
- RE: Encryption Key Question Simon Zuckerbraun (Mar 04)
  - Re: Encryption Key Question David Heise (Mar 04)
    - RE: Encryption Key Question David Gillett (Mar 04)
- RE: Encryption Key Question Simon Zuckerbraun (Mar 04)
- RE: Encryption Key Question Simon Zuckerbraun (Mar 04)