Re: Password Protection





"MikeD" <nobody@xxxxxxxxxxx> wrote in message
news:%2363$%23QRCJHA.3396@xxxxxxxxxxxxxxxxxxxxxxx

"Dave O." <nobody@xxxxxxxxxxx> wrote in message
news:%23wvUrMRCJHA.2056@xxxxxxxxxxxxxxxxxxxxxxx
Firstly: rule one on password protection - Storing a password ANYWHERE
(as plain text) renders the security virtually non-existent, storing it
in the registry is a joke.

Not necessarily....as long as it's encrypted.

Er, which part of "(as plain text)" don't you understand?
You are broadly correct that any encryption would work, but as there is no
need to ever get the plain text password back from the crypt-text then why
bother to have the facility, as it is just a potential security hole? Anyway,
making a hash is no more complex than doing an encrypt and inherently more
secure.

<snip>

Now all of that I agree with 100%. I must admit, in my reply, I didn't
take into consideration simply deleting the password in the Registry.

Important tip: when designing security, pretend to be a black hat and see how
it can be circumvented.

To reiterate what I said before, the level and complexity of security should
be proportional to the value of the software and the data it manipulates.

Regards
Dave O.
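
An added example, not part of the original post or thread: one way to store a salted, one-way PBKDF2 record instead of a recoverable password, and to deny access when the stored record is missing or malformed, so that deleting the value does not open the application. The dict standing in for the registry, the value name `PasswordRecord`, the record layout and the iteration count are assumptions made for the example.

```python
import base64
import hashlib
import hmac
import os

ITERATIONS = 200_000           # assumed work factor; tune to the target hardware
VALUE_NAME = "PasswordRecord"  # hypothetical name of the stored value


def _b64(raw: bytes) -> str:
    return base64.b64encode(raw).decode("ascii")


def make_record(password: str) -> str:
    """Build 'scheme$iterations$salt$digest'; the password cannot be read back."""
    salt = os.urandom(16)  # fresh salt, so equal passwords give different records
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return "$".join(["pbkdf2_sha256", str(ITERATIONS), _b64(salt), _b64(digest)])


def verify(password: str, record: str) -> bool:
    """Recompute the digest from the candidate password and compare."""
    try:
        scheme, iters, salt_b64, digest_b64 = record.split("$")
        iterations = int(iters)
        salt = base64.b64decode(salt_b64, validate=True)
        expected = base64.b64decode(digest_b64, validate=True)
    except (ValueError, AttributeError):
        return False  # malformed or non-string record: deny
    if scheme != "pbkdf2_sha256" or iterations < 1:
        return False
    actual = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(actual, expected)  # constant-time comparison


def check_login(store: dict, password: str) -> bool:
    """Fail closed: a deleted or empty record means no access, not free access."""
    record = store.get(VALUE_NAME)
    if not record:
        return False
    return verify(password, record)


if __name__ == "__main__":
    store = {VALUE_NAME: make_record("correct horse")}  # constructed sample data
    print(check_login(store, "correct horse"), check_login(store, "guess"))
    del store[VALUE_NAME]                               # record removed from the store
    print(check_login(store, "correct horse"))          # still denied
```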

