Security Basics mailing list archives
Encryption Key Question
From: David Heise <dheise () gmail com>
Date: Fri, 25 Feb 2005 17:57:17 -0700
I have a situation which seems to be an endless loop but maybe someone out here can help me. I'm using SHA-256 has my hash function and AES as the encryption method. I have a byte array of data and a string that is the passphrase (currently the string is 306 characters long). I hash the passphrase and use it to encrypt the data. Since I'm writing this as part of an application I want to hardcode the passphrase into the application, however as a string it would be fairly simple to find it in the complied code. Here's my question: What is the best method of storing this passphrase internally in the application such that it would be as secure as possible? Unrelated Question: Is there any security hole in using the data as the key? (other than it makes it hard/impossible to get it back out) Thanks -- David B Heise [dheise () gmail com] http://students.cs.byu.edu/~dheise
Current thread:
- Encryption Key Question David Heise (Feb 28)
- RE: Encryption Key Question David Gillett (Feb 28)
- Re: Encryption Key Question David Heise (Feb 28)
- RE: Encryption Key Question blind_chipmunk (Mar 01)
- RE: Encryption Key Question Alexander Klimov (Mar 02)
- Re: Encryption Key Question David Heise (Feb 28)
- RE: Encryption Key Question David Gillett (Feb 28)
- Re: Encryption Key Question Zaven (Mar 03)
- <Possible follow-ups>
- RE: Encryption Key Question Simon Zuckerbraun (Mar 04)
- Re: Encryption Key Question David Heise (Mar 04)
- RE: Encryption Key Question David Gillett (Mar 04)
- Re: Encryption Key Question David Heise (Mar 04)
- RE: Encryption Key Question Simon Zuckerbraun (Mar 04)
- RE: Encryption Key Question Simon Zuckerbraun (Mar 04)