Re: encryption question
- From: Henrick Hellström <henrick@xxxxxxxxxxxx>
- Date: Wed, 30 Jan 2008 11:14:08 +0100
Rael wrote:
That's fine. There is nothing wrong with Password Based Encryption as long as:
1. Each installation of your software has a single user, and the only reason that user should encrypt anything is for him to store and/or forward it to himself at a later time or on another location.
What's wrong if there's more than one user?
(Obviously I'm not talking about where a user forgets to close (and therefore -reencrypt) his data file)
If there are two users who have do exchange passwords, they have to do that securely. The purpose of asymmetric cryptography and a PKI is to make such exchanges easier. Passwords have to be exchanged over a both confidential and authenticated channel and kept secret when stored, but public keys only have to be exchanged and stored with authentication.
.
- References:
- encryption question
- From: Rael
- Re: encryption question
- From: yannis
- Re: encryption question
- From: Henrick Hellström
- Re: encryption question
- From: Rael
- Re: encryption question
- From: Henrick Hellström
- Re: encryption question
- From: Rael
- encryption question
- Prev by Date: Re: ANN: AnyDAC 2.0 is now available for pre-order
- Next by Date: Re: encryption question
- Previous by thread: Re: encryption question
- Next by thread: Re: encryption question
- Index(es):
Relevant Pages
|
