Storing Secrets

Chapter 7

Storing secret information in software in a completely secure fashion is impossible, whether that information is encryption keys, passwords, or challenge information used for challenge-response authentication systems. Someone with an account of enough privilege on your computer can easily access the data. Storing secret information securely in software is also hard to do, and thus it's generally discouraged. Sometimes, however, you must, so this chapter will aid you in doing so. The trick is to raise the security bar high enough to make it very difficult for anyone other than appropriate users to access the secret data. To that end, this chapter will cover the following: attack methods; determining whether you need to store a secret; getting the secret from the user; storing secrets in Windows 2000, Windows XP, Windows NT 4.0, Windows 95, Windows 98, Windows Me, and Windows CE; raising the security bar; and using devices to encrypt secret data.

Important

Keep secret data secret. As a colleague once said to me, the value of a secret is inversely proportional to its accessibility. Put another way: a secret shared by many people is no longer a secret.



Writing Secure Code, Second Edition
ISBN: 0735617228
Year: 2005
Pages: 153
