And here, folks, is the good old red herring problem once over again.
I'm not saying that Nelson is wrong. It is a problem. But.. Well.
For those of you saying "why aren't they using better crypto, since
it IS available?", read on...
Nelson wrote:
>
> The scene:
> user -> nelson
> pass -> ABC
>
> [...]
>
> and I found two values:
> Login = nelson
> Type = 4A4E52
>
> [snip: How to "descramble" the password]
Passwords _cannot_ securely be stored locally without encrypting them
with another password that the user must enter.
Even if a "good" crypto algorithm is used, the key to unlock the
"password repository" must be stored somewhere.
Hopefully this is in the user's brain, but since most users cry foul
when they have to remember passwords, this usuall gets stored on the
same insecure hard drive that the "encrypted" secrets are stored,
all in the name of user friendliness.
When the key for decrypting the password repository gets stored,
all you need to do is go find the key and then you can go read all
the passwords.
Let me reiterate: IT IS NOT POSSIBLE TO STORE COMPLETE SECRETS ON
THE LOCAL COMPUTER IF THE LOCAL COMPUTER CANNOT BE TRUSTED.
Solution: Don't write apps that store passwords on the local computer
without using another password to encrypt them.
Workaround: Disable all "remember this password for me" checkboxes
that keep cropping up in all sorts of apps
/Mike
--
Mikael Olsson, EnterNet Sweden AB, Box 393, S-891 28 ÖRNSKÖLDSVIK
Phone: +46-(0)660-105 50 Fax: +46-(0)660-122 50
Mobile: +46-(0)70-248 00 33
WWW: http://www.enternet.se E-mail: mikael.olssonat_private
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:37:36 PDT