On Wednesday 09 May 2007 03:00:12 SC-L Subscriber Dave Aronson wrote: > What happens when the user changes his password? I didn't quite follow it > all, but it looks to me like that means that all of a user's data has to be > decrypted and re-encrypted. You didn't tell us how much data that is, so > I'm going to ass-u-me that it *could* be a lot. Probably not so much that re-encrypting would be a problem. I'm not exactly sure how much, it depends totally on how much the end-users use this part of the system. I would expect 10s of Mb, maybe into the 100s.
> Perhaps you could base the encryption on more stable data, such as the user > name combined with when the user joined. This could be used to encrypt the > data directly, or, as you proposed, to encrypt the actual key. How My issue with that is that it's non-revocable by the user. Should bad-guy-Mallory manage to get that information somehow, the user can't do anything to protect their future data. If Mallory steals their password, then the user can change it, meaning that Mallory has to put the hard-yards in to get access back again. > Also, just how secure do you need it to be? Don't waste a thousand-dollar > lock on a fifty-dollar bicycle. Is this data actually a tempting target > for attackers who are clueful and resourceful (in both the senses of > "clever" and "able to spend a lot")? I think the primary attack scenario is to prevent someone leaving a laptop somewhere, someone else picking it up and saying "ohh, interesting data! Lets sell it to their competitor", but in the interests of 'doing it properly', I expect there won't be much more expense on our part to put a more complete and secure solution in than that. Perhaps so that if the well-funded competitor gets the disk, they can't break it quickly and easily. I'm leaving things like planting keyboard sniffers out of the equation. If they can do that, they have the user's password and can log into the system and see all the data anyway and would have no need to try to defeat the encryption. -- Robin <[EMAIL PROTECTED]> JabberID: <[EMAIL PROTECTED]> Hostes alienigeni me abduxerunt. Qui annus est? PGP Key 0xA99CEB6D = 5957 6D23 8B16 EFAB FEF8 7175 14D3 6485 A99C EB6D
Description: PGP signature
_______________________________________________ Secure Coding mailing list (SC-L) SC-L@securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community. _______________________________________________