Security Basics mailing list archives
RE: Encryption Key Question
From: Alexander Klimov <alserkli () inbox ru>
Date: Wed, 2 Mar 2005 18:58:27 +0200 (IST)
On Mon, 28 Feb 2005, blind_chipmunk wrote:
one way to do it is to use the SID of the machine\user. the SID is a unique identifier which created while installing the OS, and also per user. MSN is using the SID to encrypt the address book of its MSN client. until now, I've only seen a local attack on that encryption (can only be decipher on that specific machine with that specific user logged in).
This approach is as stupid as using your name (or SSN) as a password. Key must be secret -- an identifier must be public. IIUC your question, the best approach is to store the key in a non-readable-by-others file. -- Regards, ASK
Current thread:
- Encryption Key Question David Heise (Feb 28)
- RE: Encryption Key Question David Gillett (Feb 28)
- Re: Encryption Key Question David Heise (Feb 28)
- RE: Encryption Key Question blind_chipmunk (Mar 01)
- RE: Encryption Key Question Alexander Klimov (Mar 02)
- Re: Encryption Key Question David Heise (Feb 28)
- RE: Encryption Key Question David Gillett (Feb 28)
- Re: Encryption Key Question Zaven (Mar 03)
- <Possible follow-ups>
- RE: Encryption Key Question Simon Zuckerbraun (Mar 04)
- Re: Encryption Key Question David Heise (Mar 04)
- RE: Encryption Key Question David Gillett (Mar 04)
- Re: Encryption Key Question David Heise (Mar 04)
- RE: Encryption Key Question Simon Zuckerbraun (Mar 04)
- RE: Encryption Key Question Simon Zuckerbraun (Mar 04)
- Re: Encryption Key Question Dr. S. A. Vetha Manickam (Mar 04)