Re: Importance of salt

vla10d_at_gmail.com
Date: 09/16/05

• Next message: Dominick Baier [DevelopMentor]: "Re: Importance of salt"
• Previous message: vla10d_at_gmail.com: "Re: Importance of salt"
• In reply to: William Stacey [MVP]: "Re: Importance of salt"
• Next in thread: William Stacey [MVP]: "Re: Importance of salt"
• Reply: William Stacey [MVP]: "Re: Importance of salt"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: 16 Sep 2005 01:25:27 -0700

Well, at the moment, I'm just gathering information and clearing few
unclear things... :) But, for our discussion, lets say the application
stores documents and there is a feature to store those documents
securely by encrypting them. The encryption or key storage shoudn't be
machine specific, so we can't use DPAPI or something like that to store
the key. So, we use passwords to generate a key. Users must also be
able to share those documents, provided they share the password as well
(lets ignore the transport of the password at the moment).

This is a basic scenarion. I am aware that the strength of the password
determines the strength of the entire process, and thats why I was
curious how much does the salting help. Not much, as I see... :)

You mentioned key exchange... I thought about asymetric encryption, but
this would mean that a document can be shared only by two people,
right? Also, there is the issue of private key storage. Lets assume
that the machine gets compromised, or that the application resides on
the server, shared computer, or something like that... I would be much
more comfortable knowing that there are no explicit trails of the key
on the machine and that the only way to retrieve it is by a dictionary
attack or by user torture ;)...

V.

---

• Next message: Dominick Baier [DevelopMentor]: "Re: Importance of salt"
• Previous message: vla10d_at_gmail.com: "Re: Importance of salt"
• In reply to: William Stacey [MVP]: "Re: Importance of salt"
• Next in thread: William Stacey [MVP]: "Re: Importance of salt"
• Reply: William Stacey [MVP]: "Re: Importance of salt"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: Security - Best Encryption Tool ... DPAPI with user store cannot be used from an ASP.NET application unless you ... If you use DPAPI encryption with machine store and your machine ... (microsoft.public.vb.general.discussion) Re: Security - Best Encryption Tool ... DPAPI with user store cannot be used from an ASP.NET application unless you ... If you use DPAPI encryption with machine store and your machine ... (microsoft.public.dotnet.distributed_apps) Re: Security - Best Encryption Tool ... DPAPI with user store cannot be used from an ASP.NET application unless you ... If you use DPAPI encryption with machine store and your machine ... (microsoft.public.dotnet.framework.aspnet.buildingcontrols) Re: Security - Best Encryption Tool ... DPAPI with user store cannot be used from an ASP.NET application unless you ... If you use DPAPI encryption with machine store and your machine ... (microsoft.public.dotnet.framework.aspnet.security) Re: Hash question ... ... header of the file. ... When a user enters an incorrect passphrase, ... if I generate an encryption key with the ... could I safely store the SHA of the passphrase ... (sci.crypt)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(10)