Security Basics mailing list archives

Encryption Key Question


From: David Heise <dheise () gmail com>
Date: Fri, 25 Feb 2005 17:57:17 -0700

I have a situation which seems to be an endless loop but maybe someone
out here can help me. I'm using SHA-256 as my hash function and AES
as the encryption method. I have a byte array of data and a string
that is the passphrase (currently the string is 306 characters long).
I hash the passphrase and use it to encrypt the data. Since I'm
writing this as part of an application I want to hardcode the
passphrase into the application, however as a string it would be
fairly simple to find it in the compiled code.

Here's my question:
What is the best method of storing this passphrase internally in the
application such that it would be as secure as possible?



Unrelated Question:
Is there any security hole in using the data as the key? (other than
it makes it hard/impossible to get it back out)


Thanks
-- 
David B Heise [dheise () gmail com]
http://students.cs.byu.edu/~dheise
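
The exposure described in the message above, as an added example that is not part of the original post: a check a developer can run against their own build output to see whether a hard-coded passphrase survives as a readable literal, and that the SHA-256 key follows directly from it. The sample passphrase, the stand-in binary image, and all function names are constructed assumptions; it assumes the compiler stores the literal as contiguous ASCII bytes.

```python
import hashlib
import re

# Constructed sample: a 306-character passphrase, the length given in the post.
PASSPHRASE = ("correct horse battery staple " * 11)[:306]
USAGE_TEXT = "usage: app <input-file>"  # constructed ordinary literal


def derive_key(passphrase: str) -> bytes:
    """Key as described in the post: SHA-256 of the passphrase (32 bytes)."""
    return hashlib.sha256(passphrase.encode("utf-8")).digest()


def build_sample_image(secret: str) -> bytes:
    """Constructed stand-in for a compiled binary with embedded literals."""
    header = bytes([0x7F, 0x45, 0x4C, 0x46, 0x02, 0x01, 0x01, 0x00])
    code = bytes([0x55, 0x48, 0x89, 0xE5, 0x00, 0xC3, 0x90, 0x00])
    return (header + code + b"\x00"
            + USAGE_TEXT.encode("ascii") + b"\x00"
            + secret.encode("ascii") + b"\x00"
            + code)


def printable_runs(image: bytes, min_len: int) -> list[str]:
    """Return every run of printable ASCII (0x20-0x7E) of at least min_len bytes."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.decode("ascii") for m in re.findall(pattern, image)]


def audit_long_literals(image: bytes, min_len: int = 64) -> list[str]:
    """Flag unusually long literals in a build artifact for review.

    Ordinary messages are short; a 306-character literal stands out.
    """
    return printable_runs(image, min_len)


if __name__ == "__main__":
    image = build_sample_image(PASSPHRASE)
    for literal in audit_long_literals(image):
        key = hashlib.sha256(literal.encode("utf-8")).hexdigest()
        print(f"literal of {len(literal)} chars found; SHA-256 key = {key}")
```
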

