|
Posted by S. Pidgorny on May 9, 2007, 4:30 am
If you were Registered and logged in, you could reply and use other advanced thread options
G'day,
The beauty of public key encryption is that you can send public key over
public channels and still establish secure information exchane - that can be
used to send randomly generated symmetric encryption key (symmetric
encryption is less resource-hungry). Read about public key cryptography at
http://en.wikipedia.org/wiki/Public_key_encryption that is fascinating
stuff.
Practically speaking, SSL is commonly used for the tasks you outlined.
--
Svyatoslav Pidgorny, MS MVP - Security, MCSE
-= F1 is the key =-
* http://sl.mvps.org * http://msmvps.com/blogs/sp *
> Several software applications needs to encrypt and decrypt data,
> requiring either a single key in symmetrical encryption algorithms or
> public/private keys in asymmetrical algorithms, but how these keys
> should be distributed?
> Embed the key(s) within the application executable is a very
> vulnerable approach, since an attacker may trace API calls, or run
> the
> application under a debugger and simply halt the program when the
> keys
> has been reconstructed.
> And what about the risk to distribute the key in every exeucutable
> copy embedded within, if some attacker gets this key it can make it
> public, and every user of this application may use it to break its
> own
> installation.
>
> Can anyone give me any suggestion? Or point me in the correct
> direction to avoid these problems?
>
| 
XML site map