Re: [SC-L] Best practices for encrypting client-side data

2007-05-10 Thread Robin Sheat
On Wednesday 09 May 2007 03:00:12 SC-L Subscriber Dave Aronson wrote: What happens when the user changes his password?  I didn't quite follow it all, but it looks to me like that means that all of a user's data has to be decrypted and re-encrypted.  You didn't tell us how much data that is, so

Re: [SC-L] Best practices for encrypting client-side data

2007-05-10 Thread Robin Sheat
On Wednesday 09 May 2007 05:04:53 you wrote: You go on to describe (I think) crypto operations that take place completely on the client site. What is the relationship between the encrypted data and server client-server communications? For the purposes of this, there isn't. It was just to

Re: [SC-L] Best practices for encrypting client-side data

2007-05-10 Thread Robin Sheat
On Wednesday 09 May 2007 02:11:05 ljknews wrote: I would suggest two factor authentication, requiring some smart card (with built-in keypad, to prevent intercept of the pin) that actually provides the decryption.  Make the user keep the smart card with them, such as by requiring it for

[SC-L] Best practices for encrypting client-side data

2007-05-08 Thread Robin Sheat
I'm no security professional, just a programmer with a healthy interest in it; most of what I've gleaned has come from lists such as this, and the various securityfocus ones. A little while ago I was asked to implement something that I didn't have much of a low-level idea of, so I hope here is

Re: [SC-L] Could I use Java or c#? [was: Re: re-writing college books]

2006-11-14 Thread Robin Sheat
On Tuesday 14 November 2006 13:28, Crispin Cowan wrote: It means that compromising performance It's not necessarily a given that runtime performance is compromised. There are situations where Java is faster than C (I've tested this on trivial things). I'm sure there are situations where the