On Wed, 11 Feb 2004, Dustin Puryear wrote:

> 1. The attacker knows a salesperson's password.
> 2. The attacker is able to hijack a salesperson's session.
> 3. The attacker is able to read the server's memory or paging file.

> Okay. So on the web server you have a table like so:
>
> user   password-hash   cc-col-encrypted-decryption-key
> -----------------------------------------------------------------
> bob    lskdjf34        sldkfj43   (= 'hello')
> phil   k34f3           ss--34343f (= 'hello')
> sue    34fd3;4         sdj3434334 (= 'hello')

Cool, I like this idea. I stared at it for a while before concluding that it is probably overly complex for what you are actually accomplishing.

IMHO, the fundamental flaw is this shared master password 'hello'. If we've accepted #1 and #2 above, and we're dead in the water if someone obtains the master password with #3, then why bother with the decryption keys for each user?

Just have the manager physically type in the master password each time you "bring the system up". The password is then stored in a variable as long as the application server is running, but never on disk.

Or am I missing something?

Having keys for each user would definitely obfuscate things for potential attackers, but that is NOT encryption. However, I'll admit obfuscation is at least somewhat effective when protecting data.

ray

--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Ray DeJean                      http://www.r-a-y.org
Systems Engineer                Southeastern Louisiana University
IBM Certified Specialist        AIX Administration, AIX Support
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
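
The per-user table quoted above, as an added example that is not part of the original message: each row stores the same master key wrapped under a key derived from that user's password. It uses only the Python standard library, so the wrap is a PBKDF2-derived XOR mask with an HMAC tag standing in for a real key-wrap cipher such as AES-KW; the user names come from the quoted table, while the passwords, function names and iteration count are assumptions made for the example.

```python
import hashlib, hmac, os

ITERATIONS = 200_000  # assumption: PBKDF2 work factor chosen for this example

def _subkeys(password: str, salt: bytes) -> tuple:
    """Derive a 32-byte mask and a 32-byte MAC key from the user's password."""
    base = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    mask = hmac.new(base, b"wrap", hashlib.sha256).digest()
    mac_key = hmac.new(base, b"tag", hashlib.sha256).digest()
    return mask, mac_key

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wrap(master_key: bytes, password: str) -> dict:
    """Build one table row: the master key wrapped under this user's password."""
    if len(master_key) != 32:
        raise ValueError("master key must be 32 bytes")
    salt = os.urandom(16)  # fresh salt per row, so the mask is never reused
    mask, mac_key = _subkeys(password, salt)
    wrapped = _xor(master_key, mask)
    tag = hmac.new(mac_key, salt + wrapped, hashlib.sha256).digest()
    return {"salt": salt, "wrapped": wrapped, "tag": tag}

def unwrap(row: dict, password: str) -> bytes:
    """Recover the master key from a row, rejecting a wrong password."""
    mask, mac_key = _subkeys(password, row["salt"])
    expected = hmac.new(mac_key, row["salt"] + row["wrapped"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, row["tag"]):
        raise ValueError("wrong password or modified row")
    return _xor(row["wrapped"], mask)

def build_table(master_key: bytes, passwords: dict) -> dict:
    """One wrapped copy of the master key per user, as in the quoted table."""
    return {user: wrap(master_key, pw) for user, pw in passwords.items()}

if __name__ == "__main__":
    # Constructed sample data: user names from the quoted table, made-up passwords.
    passwords = {"bob": "bob-pw-1", "phil": "phil-pw-2", "sue": "sue-pw-3"}
    master = os.urandom(32)  # plays the role of the shared secret ('hello')
    table = build_table(master, passwords)
    for user, row in table.items():
        print(user, row["wrapped"].hex()[:16], unwrap(row, passwords[user]) == master)
```

Every row looks different on disk but unwraps to the same 32 bytes, so the per-user column changes who can unlock the key, not what the key unlocks.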
