Security Basics mailing list archives
Re: Encryption Key Question
From: "Dr. S. A. Vetha Manickam" <avmanickam () yahoo com>
Date: Fri, 4 Mar 2005 04:39:48 -0800 (PST)
Hi, Passphrase is never stored on the device, rather like hash or virtual password derived from passphrase is stored on the system or compared with stored value for authentication with regards Dr. Manickam, Ph.D., CISSP, BS7799 --- Zaven <zaven () sonic net> wrote:
David Heise wrote:Here's my question: What is the best method of storing this passphrase internally in the application such that it would be as secure as possible?AFAIK, you can't store the passphrase anywhere securely. You should think in terms of requiring the user/other process/whatever to input the passphrase in to authenticate, and then storing only the hash digest. If anyone knows how (e.g., Apple Keychain Manager) manages to diaplat the plaintext of stored passwords, I'd like to know, because it makes me nervous :) Zaven
__________________________________ Celebrate Yahoo!'s 10th Birthday! Yahoo! Netrospective: 100 Moments of the Web http://birthday.yahoo.com/netrospective/
Current thread:
- RE: Encryption Key Question, (continued)
- RE: Encryption Key Question David Gillett (Feb 28)
- Re: Encryption Key Question David Heise (Feb 28)
- RE: Encryption Key Question blind_chipmunk (Mar 01)
- RE: Encryption Key Question Alexander Klimov (Mar 02)
- Re: Encryption Key Question David Heise (Feb 28)
- RE: Encryption Key Question David Gillett (Feb 28)
- Re: Encryption Key Question Zaven (Mar 03)
- RE: Encryption Key Question Simon Zuckerbraun (Mar 04)
- Re: Encryption Key Question David Heise (Mar 04)
- RE: Encryption Key Question David Gillett (Mar 04)
- Re: Encryption Key Question David Heise (Mar 04)
- RE: Encryption Key Question Simon Zuckerbraun (Mar 04)
- RE: Encryption Key Question Simon Zuckerbraun (Mar 04)
- Re: Encryption Key Question Dr. S. A. Vetha Manickam (Mar 04)