On Wednesday 30 June 2004 20:51, Dave Andrews allegedly wrote:
> Hello All,
>
> Is anyone aware of a way to store encrypted sensitive data in RAM for
> access via a web application using ASP? It would be posted in the
> same manner.
> Is storing in RAM preferable to using an encrypted database, in this
> case SQL 2000?
> Is there anyway to securely delete or timeout the data after a
> certain period of time?
> If you discard the data are there potential problems with California
> SB 1386 and being able to track intrusions and possible data
> compromise?
>
> I'm not a developer, but want a better solution than what the
> developers and client have proposed.
Dave,
Answers to crypto questions are very seldom simple or short. You've
asked some pretty open-ended questions for which there are many
answers. Choosing from among them will be your real task. Before you
do, I would urge you to at least skim _Practical_Cryptography_ by Niels
Ferguson and Bruce Schneier (ISBN 0-471-22357-3). Doing crypto well is
*very* hard. This book should help provide you with a context from
within which to evaluate the answers you get.
Best regards,
George Capehart
--
George W. Capehart
Key fingerprint: 3145 104D 9579 26DA DBC7 CDD0 9AE1 8C9C DD70 34EA
"With sufficient thrust, pigs fly just fine." -- RFC 1925
Received on Jul 01 2004
Intro
