RE: key storage

From: Michael Howard (mikehowmicrosoft.com)
Date: Tue Aug 31 2004 - 13:58:52 CDT


Michael, your suggestion of using SHA-1(passphrase + salt) is
vulnerable to a somewhat esoteric cryptographic attack called a "Length
Extension Attack".

You should use:

H(salt,H(passphrase))

Instead.

The attack is touched upon in Ferguson's Practical Cryptography.

[Writing Secure Code] http://www.microsoft.com/mspress/books/5957.asp
[Protect Your PC] http://www.microsoft.com/protect
[Blog] http://blogs.msdn.com/michael_howard

[On-line Security Training]
http://mste/training/offerings.asp?TrainingID=53074

-----Original Message-----
From: Scovetta, Michael V [mailto:Michael.Scovettaca.com]
Sent: Tuesday, August 31, 2004 7:04 AM
To: Brown, James F.; Ajay
Cc: webappsecsecurityfocus.com
Subject: RE: key storage

I would add a comment here (obviously):
        Don't use the SHA-1 hash of the passphrase, but rather, the
SHA-1 hash of the (passphrase+salt). Otherwise, you rely on the choice
of passphrase to protect against dictionary attacks.

Mike

-----Original Message-----
From: Brown, James F. [mailto:James.F.BrownFMR.com]
Sent: Monday, August 30, 2004 10:01 AM
To: Ajay
Cc: webappsecsecurityfocus.com
Subject: RE: key storage

No problem. That's the "best practice", I believe.

- Jim

-----Original Message-----
From: Ajay [mailto:abra9823mail.usyd.edu.au]
Sent: Monday, August 30, 2004 9:29 AM
To: Brown, James F.
Cc: webappsecsecurityfocus.com
Subject: RE: key storage

yup, that's the idea. do you see any problems with it?

cheers

Quoting "Brown, James F." <James.F.BrownFMR.com>:

> You're going to use the SHA-1 hash of the passphrase as the actual key
> for the symmetric encryption, right?
>
> ================================
> James F. Brown CISM, CISA
> Sr. Director, Information Security
> Fidelity Investments
> james.f.brownfmr.com
> http://www.fidelity.com
>
>
> -----Original Message-----
> From: Ajay [mailto:abra9823mail.usyd.edu.au]
> Sent: Saturday, August 28, 2004 12:25 AM
> To: Brown, James F.
> Cc: George Capehart; webappsecsecurityfocus.com
> Subject: RE: key storage
>
>
> thanks.
> from responses on other mailing lists, i am moving towards the idea of
> having some sort of proxy server application which at startup is supplied
> a passphrase. it uses the passphrase to decrypt a passphrase encrypted
> file and loads keys from there. the file itself can be removed then
> my main application can then query the proxy when it needs the keys.
> of course this introduces the problem of securing the exchange between the
> main and the proxy.
> the reason i have the proxy in the first place is because my main app is a
> bunch of cgi scripts where state is stored by only writing to a file and i
> do not have access to the webserver where the application is hosted.
> it will all be remarkably slow though...
>
> cheers
>
> --
> Ajay Brar,
>
> Quoting "Brown, James F." <James.F.BrownFMR.com>:
>
> > Chapter 8 in Applied Cryptography only discussed key storage in areas
> > where users are involved. If you have a server application that uses
> > crypto with no users involved, it doesn't offer much help. I'll check
> > Bruce's newer book "Practical Cryptography" to see if he's addressed
> > that topic, but I won't be able to report on it until Monday.
> >
> > ================================
> > James F. Brown CISM, CISA
> > Sr. Director, Information Security
> > Fidelity Investments
> > james.f.brownfmr.com
> > http://www.fidelity.com
> >
> >
> > -----Original Message-----
> > From: George Capehart [mailto:gwcacm.org]
> > Sent: Thursday, August 26, 2004 1:41 PM
> > To: webappsecsecurityfocus.com
> > Subject: Re: key storage
> >
> >
> > On Wednesday 25 August 2004 21:12, Ajay allegedly wrote:
> > > and also is there any significant paper on key storage - a journal or
> > > conference paper?
> > > it's for my thesis and it would be nice if i could quote the
> > > findings of some paper
> >
> > Ajay,
> >
> > There has been *lots* written about key storage. It's a pretty
> > important topic . . . :> Google is your friend. A great place to
> > start, though is Chapter 8 (Key Management) in _Applied_Cryptology
> > (ISBN 0-471-11709-9) by Bruce Schneier.
> >
> > Cheers,
> >
> > George Capehart
> > --
> > George W. Capehart
> >
> > Key fingerprint: 3145 104D 9579 26DA DBC7 CDD0 9AE1 8C9C DD70 34EA
> >
> > "With sufficient thrust, pigs fly just fine." -- RFC 1925
> >
> >
> >
>
>
> ----------------------------------------------------------------
> This message was sent using IMP, the Internet Messaging Program.
>
>
