RE: Password Hiding

From: Michael Silk (michaels_at_phg.com.au)
Date: 07/30/03

  • Next message: Qin An: "[Q] cksum of UDP packet" 
    Date: Wed, 30 Jul 2003 09:02:36 +1000
To: "pablo gietz" <pablo.gietz@nuevobersa.com.ar>, "secprog" <secprog@securityfocus.com>

    You cannot.

    Make the user keep it on some external source that
    they must connect when the run your program. hiding
    the password is not possible (unless it is acceptable
    that their computer is compromised an the key
    is recovered).

    -- Michael

    -----Original Message-----
    From: pablo gietz [mailto:pablo.gietz@nuevobersa.com.ar]
    Sent: Wednesday, 30 July 2003 4:14 AM
    To: secprog
    Subject: Password Hiding

    Hi all
    This is my first post,
    What can I do to hide a password that is used to encrypt-decrypt a
    config.file? .
    Where to save the password?. The program must run without user
    intervention and use this password to access that file.

    Language: Delphi

    Platform: windows

    Thanks 

    --
Pablo A. C. Gietz
Jefe de Seguridad Informática
Nuevo Banco de Entre Ríos S.A.
Te.: 0343 - 4201351
La información y archivos contenidos en este mensaje son confidenciales y para utilización exclusiva de los destinatarios consignados. Si Usted no reviste ese carácter, no se encuentra autorizado para divulgar, copiar,distribuir o retener todo o parte de la informacion y archivos, y deberá notificarlo de inmediato al remitente y eliminarlo de su sistema. Muchas gracias.
CAUTION: This email message and accompanying data may contain information that is confidential and/or subject to legal privilege. If you are not the intended recipient, you are notified that any use, dissemination, distribution or copying of this message or data is prohibited. If you have received this email message in error, please notify us immediately and erase all copies of this message and attachments. Thank you.
This email is for your convenience only, you should not rely on any information contained herein for contractual or legal purposes. You should only rely on information and/or instructions in writing and on company letterhead signed by authorised persons.
  • Next message: Qin An: "[Q] cksum of UDP packet"

    Relevant Pages

    • Re: Deinition of OOP needed for programming language documentation
      ... background vs. technical definition of language elements). ... was confused about the level of abstraction of your documentation goals. ... notion of behavior hiding doesn't get equal press. ... applies to identifying objects within a subsystem. ...
      (comp.object)
    • Re: is python Object oriented??
      ... to enforce hiding using static checking tools if you really feel the ... hiding" is a trivial matter of deleting the word "private" (or ... reviews for checks that could be automated by the language. ...
      (comp.lang.python)
    • Re: Feedback wanted on programming introduction (Python in Windows)
      ... programming). ... but I think that hiding such concerns is a real disservice. ... the with statement is an example of having different behavior when it was moved out of __future__ and made a standard part of the language. ...
      (comp.lang.python)
    • Re: newbie: I/O with nasm
      ... James Daughtry wrote in part: ... the language, I don't think it's a critical issue. ... Bad habits are learned early! ... Assembly is especially not about hiding. ...
      (alt.lang.asm)
    • Re: is python Object oriented??
      ... without defining a single class. ... By analogy, if data hiding is added to language, I could write a ... whole system without hiding a single item. ... think that hiding the socket object is the only sane thing to do. ...
      (comp.lang.python)