Security Basics mailing list archives
Re: Encryption Key Question
From: Zaven <zaven () sonic net>
Date: Wed, 02 Mar 2005 21:20:57 -0800
David Heise wrote:
Here's my question: What is the best method of storing this passphrase internally in the application such that it would be as secure as possible?
AFAIK, you can't store the passphrase anywhere securely. You should think in terms of requiring the user/other process/whatever to input the passphrase in to authenticate, and then storing only the hash digest.
If anyone knows how (e.g., Apple Keychain Manager) manages to diaplat the plaintext of stored passwords, I'd like to know, because it makes me nervous :)
Zaven
Current thread:
- Encryption Key Question David Heise (Feb 28)
- RE: Encryption Key Question David Gillett (Feb 28)
- Re: Encryption Key Question David Heise (Feb 28)
- RE: Encryption Key Question blind_chipmunk (Mar 01)
- RE: Encryption Key Question Alexander Klimov (Mar 02)
- Re: Encryption Key Question David Heise (Feb 28)
- RE: Encryption Key Question David Gillett (Feb 28)
- Re: Encryption Key Question Zaven (Mar 03)
- <Possible follow-ups>
- RE: Encryption Key Question Simon Zuckerbraun (Mar 04)
- Re: Encryption Key Question David Heise (Mar 04)
- RE: Encryption Key Question David Gillett (Mar 04)
- Re: Encryption Key Question David Heise (Mar 04)
- RE: Encryption Key Question Simon Zuckerbraun (Mar 04)
- RE: Encryption Key Question Simon Zuckerbraun (Mar 04)
- Re: Encryption Key Question Dr. S. A. Vetha Manickam (Mar 04)