Secure Coding mailing list archives
Best practices for encrypting client-side data
From: ljknews at mac.com (ljknews)
Date: Thu, 10 May 2007 07:01:14 -0400
At 12:01 PM +1200 5/10/07, Robin Sheat wrote:
> On Wednesday 09 May 2007 02:11:05 ljknews wrote:
> > I would suggest two factor authentication, requiring some smart card (with built-in keypad, to prevent intercept of the pin) that actually provides the decryption. Make the user keep the smart card with them, such as by requiring it for entrance to the cafeteria or rest room.
>
> That's not possible in this case. Mostly because it would involve more investment on our part than the customers would be willing to pay for. However, I'm interested in generalising the ideas in this thread to go beyond my particular situation; "if you were storing data in an application on a laptop, how would you keep it as safe as is feasible?"

The tension between "as safe as is feasible" and "not willing to pay for" is not susceptible to generalization.
--
Larry Kilgallen