Re: Security - Best Encryption Tool
From: WJ (JohnWebbs_at_HotMail.Com)
Date: 06/03/04
- Previous message: Alex Kleyman: "RE: Funky FormsAuthentication Cookie Behavior."
- In reply to: Alek Davis: "Re: Security - Best Encryption Tool"
- Next in thread: Alek Davis: "Re: Security - Best Encryption Tool"
- Reply: Alek Davis: "Re: Security - Best Encryption Tool"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 3 Jun 2004 16:41:39 -0400
"Alek Davis" <alek_xDOTx_davis_xATx_intel_xDOTx_com> wrote in message
news:ObT8D1OSEHA.2408@tk2msftngp13.phx.gbl...
> Machine Store is not safe. If a hacker manages to get the WRITE access to
> any of the folders on a compromised machine, he can drop an application
> there which will decrypt any setting encrypted using DPAPI with machine
> store.
This is only possible if one uses Microsoft tool such as the "aspnet_setreg"
to store your data in the registry database. This tool is one example that
MS gave, to avoid this "problem", you will almost have to implement your own
DPAPI (modified) to store your key in other places. However that may be,
system administrator is responsible to lock his server(s) to avoid misshaps.
Cheer
John
- Previous message: Alex Kleyman: "RE: Funky FormsAuthentication Cookie Behavior."
- In reply to: Alek Davis: "Re: Security - Best Encryption Tool"
- Next in thread: Alek Davis: "Re: Security - Best Encryption Tool"
- Reply: Alek Davis: "Re: Security - Best Encryption Tool"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
