And here, folks, is the good old red herring problem once over again. I'm not saying that Nelson is wrong. It is a problem. But.. Well. For those of you saying "why aren't they using better crypto, since it IS available?", read on... Nelson wrote: > > The scene: > user -> nelson > pass -> ABC > > [...] > > and I found two values: > Login = nelson > Type = 4A4E52 > > [snip: How to "descramble" the password] Passwords _cannot_ securely be stored locally without encrypting them with another password that the user must enter. Even if a "good" crypto algorithm is used, the key to unlock the "password repository" must be stored somewhere. Hopefully this is in the user's brain, but since most users cry foul when they have to remember passwords, this usuall gets stored on the same insecure hard drive that the "encrypted" secrets are stored, all in the name of user friendliness. When the key for decrypting the password repository gets stored, all you need to do is go find the key and then you can go read all the passwords. Let me reiterate: IT IS NOT POSSIBLE TO STORE COMPLETE SECRETS ON THE LOCAL COMPUTER IF THE LOCAL COMPUTER CANNOT BE TRUSTED. Solution: Don't write apps that store passwords on the local computer without using another password to encrypt them. Workaround: Disable all "remember this password for me" checkboxes that keep cropping up in all sorts of apps /Mike -- Mikael Olsson, EnterNet Sweden AB, Box 393, S-891 28 ÖRNSKÖLDSVIK Phone: +46-(0)660-105 50 Fax: +46-(0)660-122 50 Mobile: +46-(0)70-248 00 33 WWW: http://www.enternet.se E-mail: mikael.olssonat_private
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:37:36 PDT