Re: Looking for Suggestions on Hash Key Creation
- From: comphelp@xxxxxxxxx (Todd H.)
- Date: Tue, 25 Mar 2008 21:17:40 -0500
jwwest <jwwest@xxxxxxxxx> writes:
I'm building a CGI eCommerce store and I'm looking for ways to create
a decent 2 way encryption. Of course in a scripted language, I don't
want my key in the script itself, but would rather store it somewhere
obfuscated such as in a compiled C++ binary. (I know it doesn't help -
much-, but defense in layers)
A .NET programmer friend of mine uses a method that involves
generating a hash from the Volume ID of the hard drive to use as a
key. I like this approach, but am wary of hardware/software changes
that will break my key.
Am I going about this the correct way? Is there a better method for
creating a decently secure 2 way encryption using a scripted language?
Any help is very much appreciated. Thanks.
The path to hell is paved with such intentions. :-)
You may get a lot of mileage out of the OWASP Guide to web
application security, specifically this chapter:
http://www.owasp.org/index.php/Cryptography
More generally
http://www.owasp.org/index.php/Guide_Table_of_Contents
Best Regards,
--
Todd H.
http://www.toddh.net/
.
- References:
- Looking for Suggestions on Hash Key Creation
- From: jwwest
- Looking for Suggestions on Hash Key Creation
- Prev by Date: Online Class CISM Certification
- Next by Date: Re: Looking for Suggestions on Hash Key Creation
- Previous by thread: Looking for Suggestions on Hash Key Creation
- Next by thread: Re: Looking for Suggestions on Hash Key Creation
- Index(es):
Relevant Pages
|
|
