WebApp Sec mailing list archives
RE: key storage
From: "Michael Howard" <mikehow () microsoft com>
Date: Tue, 31 Aug 2004 11:58:52 -0700
Michael, you're suggestion of using SHA-1(passphrase + salt) is vulnerable to a somewhat esoteric cryptographic attack called a "Length Extension Attack" You should use: H(salt,H(passphrase)) Instead. The attack is touched upon in Ferguson's Practical Cryptography. [Writing Secure Code] http://www.microsoft.com/mspress/books/5957.asp [Protect Your PC] http://www.microsoft.com/protect [Blog] http://blogs.msdn.com/michael_howard [On-line Security Training] http://mste/training/offerings.asp?TrainingID=53074 -----Original Message----- From: Scovetta, Michael V [mailto:Michael.Scovetta () ca com] Sent: Tuesday, August 31, 2004 7:04 AM To: Brown, James F.; Ajay Cc: webappsec () securityfocus com Subject: RE: key storage I would add a comment here (obviously): Don't use the SHA-1 hash of the passphrase, but rather, the SHA-1 hash of the (passphrase+salt). Otherwise, you rely on the choice of passphrase to protect against dictionary attacks. Mike -----Original Message----- From: Brown, James F. [mailto:James.F.Brown () FMR com] Sent: Monday, August 30, 2004 10:01 AM To: Ajay Cc: webappsec () securityfocus com Subject: RE: key storage No problem. That's the "best practice", I believe. - Jim -----Original Message----- From: Ajay [mailto:abra9823 () mail usyd edu au] Sent: Monday, August 30, 2004 9:29 AM To: Brown, James F. Cc: webappsec () securityfocus com Subject: RE: key storage yup, thats the idea. do you see any problems with it cheers Quoting "Brown, James F." <James.F.Brown () FMR com>:
You're going to use the SHA-1 hash of the passphrase as the actual key for the symmetric encryption, right? ================================ James F. Brown CISM, CISA Sr. Director, Information Security Fidelity Investments james.f.brown () fmr com http://www.fidelity.com -----Original Message----- From: Ajay [mailto:abra9823 () mail usyd edu au] Sent: Saturday, August 28, 2004 12:25 AM To: Brown, James F. Cc: George Capehart; webappsec () securityfocus com Subject: RE: key storage thanks. from responses on other mailing lists, i am moving towards the idea of having some sort of proxy server application which at startup is supplied a passphrase. it uses the passphrase to decrypt a passphrase encrypted file and loads keys from there. the file itself can be removed then my main application can then query the proxy when it needs the keys. ofcourse this introduces the problem of securing the exchange between the main and the proxy. the reason i have the proxy in the first place is because my main app
is
a bunch of cgi scripts where state is stored by only writing to a file
and
i do not have access to the webserver where the application is hosted. it will all be remarkable slow though... cheers -- Ajay Brar, Quoting "Brown, James F." <James.F.Brown () FMR com>:Chapter 8 in Applied Cryptography only discussed key storage in
areas
where users are involved. If you have an server application that
uses
crypto with no users involved, it doesn't offer much help. I'll
check
Bruce's newer book "Practical Cryptography" to see if he's addressed that topic, but I won't be able to report on it until Monday. ================================ James F. Brown CISM, CISA Sr. Director, Information Security Fidelity Investments james.f.brown () fmr com http://www.fidelity.com -----Original Message----- From: George Capehart [mailto:gwc () acm org] Sent: Thursday, August 26, 2004 1:41 PM To: webappsec () securityfocus com Subject: Re: key storage On Wednesday 25 August 2004 21:12, Ajay allegedly wrote:and also is there any significant paper on key storage - a journalorconference paper? its for my thesis and it would be nice if i could quote a the findings of some paperAjay, There has been *lots* written about key storage. It's a pretty important topic . . . :> Google is your friend. A great place to start, though is Chapter 8 (Key Management) in _Applied_Cryptology (ISBN 0-471-11709-9) by Bruce Schneier. Cheers, George Capehart -- George W. Capehart Key fingerprint: 3145 104D 9579 26DA DBC7 CDD0 9AE1 8C9C DD70 34EA "With sufficient thrust, pigs fly just fine." -- RFC 1925---------------------------------------------------------------- This message was sent using IMP, the Internet Messaging Program.
---------------------------------------------------------------- This message was sent using IMP, the Internet Messaging Program.
Current thread:
- RE: key storage, (continued)
- RE: key storage Scovetta, Michael V (Aug 31)
- RE: key storage Roman Fail (Aug 31)
- RE: key storage Ajay (Aug 31)
- Re: key storage George Capehart (Sep 02)
- RE: key storage Mark Curphey (Sep 05)
- RE: key storage Frank Knobbe (Sep 04)
- RE: key storage Frank Knobbe (Sep 04)
- Re: key storage George Capehart (Sep 04)
- Re: key storage Frank Knobbe (Sep 04)
- Re: key storage George Capehart (Sep 04)
- Re: key storage Ajay (Sep 05)