Re: How good an encryption algorithm is this?

Tech-Archive recommends: Fix windows errors by optimizing your registry

From: Igor Tandetnik (itandetnik_at_mvps.org)
Date: 11/24/04 

Date: Wed, 24 Nov 2004 10:28:56 -0500

"Bonj" <benjtaylor at hotpop d0t com> wrote in message
news:eynosKf0EHA.1932@TK2MSFTNGP09.phx.gbl
>> For now, key exchange needs to be solved on a case-by-case basis
>> (that's what security consultants derive most of their income from).
>> So, maybe if you describe the original problem you are trying to
>> solve, rather than your attempted solution, somebody might be able
>> to help you.
>
>
> It's pretty much the problem of the key needing to be constantly
> persisted in software on the client.

Like I said, key exchange is unsolved in the general case. So by
defining the problem in such general terms, you are not going anywhere.

Let's take yet another step back: _why_ do you need the key constantly
persisted in software on the client? What do you need this key for, what
data are you trying to protect, who needs access to this data, how do
you plan to know she is the right person to have access to said data?
What threats do you envision and are trying to protect against?

I highly recommend "Writing Secure Code" by Michael Howard et al [1]. It
has a chapter on storing secrets securely on Windows machine. All of
them essentially boil down to trusting Windows authentication: if the
person managed to log into her Windows account, you assume that she is
indeed who she says she is.

[1] http://www.amazon.com/exec/obidos/tg/detail/-/0735617228 

-- 
With best wishes,
    Igor Tandetnik
With sufficient thrust, pigs fly just fine. However, this is not 
necessarily a good idea. It is hard to be sure where they are going to 
land, and it could be dangerous sitting under them as they fly 
overhead. -- RFC 1925

Relevant Pages

  • Re: How good an encryption algorithm is this?
    ... defining the problem in such general terms, ... data are you trying to protect, who needs access to this data, how do ... What threats do you envision and are trying to protect against? ... has a chapter on storing secrets securely on Windows machine. ...
    (microsoft.public.vc.language)
  • Re: virus in windows system
    ... >> their in my windows operating system help if u can. ... > better protect your Windows system: ... You should at least turn on the built in firewall. ... That's one facet of a secure PC, ...
    (microsoft.public.windowsxp.security_admin)
  • Re: protecting computer
    ... > are 3 steps to protect our computer. ... Microsoft gives you the base guidelines. ... disable your Windows Messenger service. ... by the normal home user and in cooperation with a good firewall, ...
    (microsoft.public.security)
  • Re: Why does Windows allow Worms?
    ... non-fool for the operating system. ... If Windows were to disappear tomorrow, someone else would inherit all those ... it better and protect themselves better. ... Cedar Park TX 78613-1419 | WFTPD, WFTPD Pro are Windows FTP servers. ...
    (comp.security.misc)
  • Re: Intel VPro
    ... Build a Virtual Machine Monitor (VMM) into the firmware so that the PC ... sysadmin locked down Windows and installed something else and cut them off ... that you have an API to attack and malformed data attacks to try. ... It also doesn't protect against Trojans, by the time it has been executed ...
    (comp.arch)