Re: AES Questions From Another Dummy.



C++ rand() is typically not recommended. If your data is for
children, you may be putting yourself in a litigious position
(assuming you're from the US, litigation centre)

The fact so many people will be accessing and editing this information
would lead me to believe it should be web-based. But I'm biased.

Encrypting so several people can read it makes me think public-key crypto..
But if your threat model allows it, you can just protect the website
with SSL and user/pswd account systems and leave it there.

The other extreme would be to have everything in the database encrypted using
GPG (or similar tech). Coach A wants to allow Coaches B,C,D to read a given
entry but not Coach-Z - so Coach-A encrypts entry about Client-X with the public-keys
of B C and D. This will not be a simple job and will likely need a developer
who is familiar with crypto and web-apps. And the question of doing the
crypto in the browser vs. the server is worth investigating if you're considering
this option. Again - not simple.

You've asked sci.crypt for help here. And my personal (and, confessedly,
professional) opinion is that you need to talk to someone who knows this stuff
and get them to pull all the requirements from you and spec out a system
that:
a) meets your requirements (and not your desires, dreams are expensive)
b) can be built using your existing resources (both technical and manpower)

JLC

ps. Disclaimer: I do exactly this for a living here in Ottawa.
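Added example (not from either poster): why a PRNG seeded with the clock is no good for keys. Larry's plan is C++ `rand()` seeded with `srand(time)`; the Python standard-library `random` module stands in for it here, since the weakness is the same: the only secret is the timestamp, and an attacker who knows roughly when the key was generated simply replays every candidate second. The one-hour window and the 16-byte key length are assumptions for the demonstration; the fix shown is to take key material from the operating system's CSPRNG instead.

```python
import random
import secrets
from typing import Optional

# Assumption for this example: the attacker knows the key's creation time to
# within an hour (laptop timestamps, file mtimes and log entries give this away).
SEED_WINDOW_SECONDS = 3600


def weak_key_from_clock(seed_time: int, nbytes: int = 16) -> bytes:
    """The weak way: seed a deterministic PRNG with a wall-clock second and
    draw the key from it (the analogue of srand(time(NULL)); rand()...)."""
    rng = random.Random(seed_time)
    return rng.getrandbits(8 * nbytes).to_bytes(nbytes, "big")


def recover_seed(key: bytes, guess_time: int,
                 window: int = SEED_WINDOW_SECONDS) -> Optional[int]:
    """Attacker side: try every second in [guess_time - window, guess_time + window]
    and return the timestamp that reproduces `key`, or None if it is not in range.
    The search space is 2*window+1 candidates, not 2**128, so it finishes instantly."""
    nbytes = len(key)
    for candidate in range(guess_time - window, guess_time + window + 1):
        if weak_key_from_clock(candidate, nbytes) == key:
            return candidate
    return None


def strong_key(nbytes: int = 16) -> bytes:
    """The right way: key bytes from the OS CSPRNG (CryptGenRandom on Windows,
    /dev/urandom on Solaris/Linux). There is no seed to guess."""
    return secrets.token_bytes(nbytes)


if __name__ == "__main__":
    # Constructed scenario: a key made at a known-ish time, then recovered.
    made_at = 1_150_000_000
    key = weak_key_from_clock(made_at)
    print("recovered seed:", recover_seed(key, made_at + 1234))
    print("CSPRNG key:", strong_key().hex())
```

The same search works against C `rand()` with the seed pulled from `time()`: the attacker compiles the same libc, loops `srand(t); rand();` over the plausible range of `t`, and compares. Anything that must be unguessable (keys, IVs, salts) should come from the platform CSPRNG, never from `rand()`.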

Larry Lindstrom <nobody@xxxxxxxxxxx> wrote:
Thanks for your advice, folks:

I appreciate your comments and I wanted to touch
base before too much time passes.

I've been pulled from the encryption for a couple
of days, but I'll be back on it Thursday, US West
coast time.

The plan to roll my own encryption is abandoned.

I've downloaded gnupg for Windows. I'm not sure
exactly what to do with it yet, the user manual is
in German.

I'm getting the impression that Gnupg is a
command line tool. I'm looking for an API that
allows individual fields to be encrypted in the
database.

The GPG site refers to a package called "gpgme"
which apparently has a nice high level interface
to GPG. This isn't in the GPG4Windows package so
I'm loading gnupg and gpgme on Solaris so I can
see how it fits together.

I'll tell you a little more about the
application I've been working on.

It's a Windows program written in C++, the
initial target audience will be instructors and
coaches for sports clubs and similar businesses.
Later versions of this software will address
staffing issues for what I hope is a broader
market.

I'm using Firebird, an SQL database engine with
an option to be stand alone, the DLL is the engine,
or more conventional client-server where the DLL
is the interface to the database running on a
server.

I currently plan on encrypting only personal
information. Information that will be used to
query the database, like ages and proficiency in
the sport, will remain in clear text so the DB
can use it in SQL WHERE clauses.

As stated, I see the primary threat as the
theft of a laptop, however my client, a tennis
pro, tells of another pro at a facility he worked
for trying to poach his students. So he wouldn't
trust his co-workers.

Really, I don't know where a threat might come
from, but I'd like to think I've made a reasonable
effort to protect those who use this product.

So I was thinking I'd start the program by
asking the user to type a key, have them confirm
that key by typing it a second time, and using
that for the encryption. Is there is a more
flexible approach I should consider?

The business can dictate a single key for all
users, to allow sharing of data.

Even I can see shortcomings to this method,
what happens if they accidentally have the shift
lock on when they entered the key? They can
enter a lot of information that will be lost
when they try to decrypt it with the correct
key.

Mike Amling asked about key management. I
don't know my options.

I haven't thought much about public/private
keys. As the programmer of a product that will
be sold, well licensed, I'll have no involvement
in the management of the data. That will be
the responsibility of the customer.

You folks have been so generous, let me blue
sky for a minute. What I'm asking for may well
be impossible.

It would be nice if each user could encrypt
data, but allow other selected users to see the
data.

It would be nice if a person who is represented
in the database could view and edit their own
record over the web. Either with a browser or
using an executable I write.

Are either of these possible?

Random number generators. I was thinking of
using standard C++ rand, seeded with srand of
the time of day clock. Why do I have the feeling
that would not be adequate?

You folks have asked me questions in order to
be more helpful. I'm very grateful. I hope
I've given you the information you wanted.

Thanks
Larry
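Added example (not from either poster): one way to handle the "type a key, confirm it, use it for encryption" plan and the Caps Lock problem Larry raises. The passphrase is not used as the key directly; a key is derived from it with PBKDF2 over a random salt, and a verifier (an HMAC over a fixed label under the derived key) is stored next to the database. At startup the program re-derives the key and checks the verifier before touching any data, so a mistyped passphrase is rejected immediately instead of silently producing garbage that is only discovered at decryption time. The iteration count, label and 32-byte key size are assumptions for the example, as are the function names; the example uses only the Python standard library, so the AES-encryption step of the individual fields is not shown here.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

# Assumed parameters for this example; tune the iteration count upward for a
# real deployment (it is the knob that slows down offline guessing of the
# passphrase from a stolen laptop).
PBKDF2_ITERATIONS = 200_000
KEY_LEN = 32                     # 256-bit AES key
VERIFIER_LABEL = b"key-check-v1" # fixed, public input to the key verifier


@dataclass(frozen=True)
class KeyRecord:
    """What the program stores next to the database. Neither field is secret:
    the salt makes two businesses with the same passphrase get different keys,
    and the verifier lets the key be checked without revealing it."""
    salt: bytes
    verifier: bytes


def derive_key(passphrase: str, salt: bytes) -> bytes:
    """Stretch the passphrase into a fixed-length key with PBKDF2-HMAC-SHA256."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"), salt,
                               PBKDF2_ITERATIONS, dklen=KEY_LEN)


def make_verifier(key: bytes) -> bytes:
    """Commitment to the key: HMAC of a constant label. Reveals nothing useful
    about the key itself, but only the right key reproduces it."""
    return hmac.new(key, VERIFIER_LABEL, "sha256").digest()


def setup_passphrase(passphrase: str, confirm: str) -> KeyRecord:
    """First run: take the passphrase twice, pick a fresh random salt, and
    persist salt + verifier. The derived key itself is never written to disk."""
    if passphrase != confirm:
        raise ValueError("passphrases do not match")
    salt = secrets.token_bytes(16)
    key = derive_key(passphrase, salt)
    return KeyRecord(salt=salt, verifier=make_verifier(key))


def unlock(passphrase: str, record: KeyRecord) -> bytes:
    """Every later run: re-derive the key and refuse to proceed unless the
    verifier matches. A Caps Lock slip fails here, before any data is touched."""
    key = derive_key(passphrase, record.salt)
    if not hmac.compare_digest(make_verifier(key), record.verifier):
        raise ValueError("wrong passphrase (is Caps Lock on?)")
    return key


if __name__ == "__main__":
    # Constructed usage: set up once, then unlock with right and wrong input.
    record = setup_passphrase("Correct Horse", "Correct Horse")
    print("unlocked, key length:", len(unlock("Correct Horse", record)))
    try:
        unlock("CORRECT HORSE", record)
    except ValueError as exc:
        print("rejected:", exc)
```

The derived key is what the AES layer would use for the personal-information fields, with a fresh random IV per field. Storing the verifier rather than a hash of the passphrase is deliberate: the verifier is bound to the key, so it also catches a changed salt or a corrupted key record, and it can later be reused to wrap a separate per-business data key if the passphrase needs to be changeable without re-encrypting every row.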



