Better security



Hi;

First off, if you have not read Dominick Baier's book yet - GO READ IT
NOW. That is the book I wish I had read first - would have saved me
boatloads of time.

Ok, on to the question. It seems to me the best way to store secrets
that we need the plaintext of (i.e. can't just hash and save the hash) is
to:

Have person A know the connection string to the database.

Have person B know the symmetric key used to encrypt the secrets.

Have person C be the only one with access to the server and to the
web.config file.

The question is, how do we get the info from persons A & B into the
Web.Config file and encrypted in the Web.Config file. If person C does
that they've seen them unencrypted. If persons A & B do it, they are
then on the server for a short period of time.

??? - thanks - dave

david@at-at-at@windward.dot.dot.net
Windward Reports -- http://www.WindwardReports.com
me -- http://dave.thielen.com

Cubicle Wars - http://www.windwardreports.com/film.htm