Security Basics mailing list archives
RE: key storage
From: "Andrew Tucker" <atucker () windows microsoft com>
Date: Thu, 26 Aug 2004 15:05:51 -0700
What platform are you using? On Windows this is the exact problem that DPAPI was developed to solve. Another generic solution is to protect them with a key derived from a password that the user enters so you never actually have to store the key. -----Original Message----- From: Ajay [mailto:abra9823 () mail usyd edu au] Sent: Wednesday, August 25, 2004 4:01 AM To: security-basics () securityfocus com Subject: key storage hi! i am building a web application. for client authentication, i am using cookies which include the HMAC of the data. the server also has a public/private key pair for signing and verifying information. my question is how should these be stored on the server? encryption is the best solution, but if i encrypt them with another key, the question is where does this key get stored? thanks cheers ajay ---------------------------------------------------------------- This message was sent using IMP, the Internet Messaging Program. ------------------------------------------------------------------------ --- Computer Forensics Training at the InfoSec Institute. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors. Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse so that it never happens again. http://www.infosecinstitute.com/courses/computer_forensics_training.html ------------------------------------------------------------------------ ---- --------------------------------------------------------------------------- Computer Forensics Training at the InfoSec Institute. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors. Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse so that it never happens again. http://www.infosecinstitute.com/courses/computer_forensics_training.html ----------------------------------------------------------------------------
Current thread:
- key storage Ajay (Aug 25)
- <Possible follow-ups>
- RE: key storage Andrew Tucker (Aug 30)
- RE: key storage Ajay (Aug 30)