galleryright.blogg.se

1. #Point passwords plus to the data file software
2. #Point passwords plus to the data file password
3. #Point passwords plus to the data file Pc
4. #Point passwords plus to the data file license

You might also consider using the Cryptographic Message Syntax as a format for your file. You should be able to find an open-source library that implements PBE key generators for different algorithms. It's similar to the algorithm you outline, but is capable of generating longer symmetric keys for use with AES. I would recommend using a recognized algorithm such as PBKDF2 defined in PKCS #5 version 2.0 to generate a key from your password. at work) and be able to migrate/move the data by simply copying the file (so I can use it at home, on different workstations, etc.). But I'd like to deploy it in a shared environment on computers I don't fully control (e.g. Thus, password-based key derivation as defined here is a function of a password, a salt, and an iteration count, where the latter two quantities need not be kept secret.ĭoes this mean that I could store the salt value in the same place/file as the hashed key and still be more secure than if I used no salt at all when hashing? How does that work?Ī little more context: the encrypted file isn't meant to be shared with or decrypted by others, it's really single-user data. For example, this spec linked by erickson (below) says: I thought the salt had to be kept secret to be useful, but your answers and links imply this is not the case. So is this design reasonably secure, or hopelessly naive, or somewhere in between? Thanks!ĮDIT: clarification and follow-up question re: Salt.

#Point passwords plus to the data file Pc

That way, I can take the file to another PC and decrypt it by simply entering my password. So I hash it again, basically treating it just like another password, and save the doubly-hashed value in the data file.

#Point passwords plus to the data file password

But since I use the hashed user password for the symmetric encryption key, I can't use the same value for authentication. "HashedUserPwdAndKey" -> "HashedValueForAuthentication"īasically I'm extrapolating from the common way to implement web-site passwords (when you're not using OpenID, that is), which is to store the (salted) hash of the user's password in your DB and never save the actual password. the unencrypted part of the data file) and uses that value to validate the user's password. Step 3: App hashes the hashed value from step 2 and saves the new value in the data file header (i.e."MyDifficultPassword" -> "HashedUserPwdAndKey". Step 2: App hashes the user-password and uses that value as the symmetric key to encrypt/decrypt the data file.Step 1: User enters plain-text password, e.g.So tell me: is this crazy? Is there a better/best way to do it? I have a strategy that appears workable and seems logical based on what I know (which is probably just enough to be dangerous), but I have no idea if it's actually a good design or not. I want the encrypted data file to be self-contained and portable, so the authentication has to be embedded in the file (or so I assume).

one must enter the correct password to decrypt).

If I use it, I’ll give you credit and link to your web site. If you have a resource, strategy or tip to help small businesses, click here to send it to me.

#Point passwords plus to the data file license

The license in on the card, and each person must have a different card.

#Point passwords plus to the data file software

Access Smart charges a $40 licensing fee for the software plus the smart card, which can hold 100 or more passwords for different accounts. The card stores all your passwords plus allows you to have complex passwords such as emFO%39iL5Nc305,9Z/4>6d, which are the most secure but impossible to remember. Access Smart makes Power LogOn, an Internet password security product for small businesses.