[erlang-questions] Encrypting/Decrypting data
Thu May 5 09:34:35 CEST 2011
I would strongly recommend reading Bruce Schneier's Practical Cryptography -
it is absolutely invaluable for building this type of system. Then, I'd
suggest reading Hacker News and searching for posts by tptacek
http://news.ycombinator.com/user?id=tptacek - his warnings regarding
building your own encryption system - even by just cobbling together secure
algorithms - should not be taken lightly. His most famous post on the
subject, "If you're typing the letters A-E-S into your code you're doing
it wrong", is worth reading.
On Sat, Apr 30, 2011 at 10:12 PM, Chris Hicks
> That certainly makes sense, and is a lot simpler than anything I was
> coming up with in my head. Thank you.
> > Subject: Re: [erlang-questions] Encrypting/Decrypting data
> > From:
> > Date: Sat, 30 Apr 2011 20:31:47 -0400
> > CC:
> > To:
> > Chris,
> > On Apr 30, 2011, at 6:25 PM, Chris Hicks wrote:
> > > This is a bit more of a general question than Erlang specific but I
> > > hope someone here can answer this, or simply point me to a place
> > > where it has already been answered.
> > >
> > > I'm writing a server in which I will be storing encrypted user data
> > > (unlike Sony). My problem is probably a product of zero experience
> > > with encryption combined with a lack of sleep, but I can't figure out
> > > how to do this securely. By that I mean I understand how to use crypto
> > > to encrypt/decrypt a piece of data but the Key and the Ivec have to be
> > > the same for both the encryption and decryption otherwise it doesn't
> > > work...so how do I make this happen without storing those two things
> > > "out in the open?" It seems like that can't be the optimal solution
> > > since anyone could just grab those and decrypt the data. Am I missing
> > > something completely obvious?
> > You have it correct. The solution to your problem is to do what things
> > like 'ssh' or Apache 'httpd' do, and use a key stored in a file with
> > user-restricted permissions, which requires a passphrase to read. As
> > your server starts, it will ask the user who starts it for the
> > passphrase and then read the key.
> > Regards,
> > - John Kemp
> > >
> > > Chris Hicks.
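The passphrase-protected key file that John Kemp's reply describes, as an added Erlang example that is not code from the thread: the data key is wrapped under a key derived from the passphrase and stored in a file readable only by its owner. The module name `keyfile`, its function names, the file layout and the PBKDF2 iteration count are assumptions; it needs OTP 24.2 or later, a POSIX file system, and the passphrase passed in as a binary by whatever prompts the operator at startup.

```erlang
%% Added example; module, function names and file layout are hypothetical.
%% Requires OTP 24.2+ (crypto:pbkdf2_hmac/5, crypto:crypto_one_time_aead/6,7).
-module(keyfile).
-export([store/3, load/2]).
-include_lib("kernel/include/file.hrl").

-define(ITER, 600000).          % assumed PBKDF2 work factor; tune for your hardware
-define(AAD, <<"keyfile-v1">>). % constructed label bound into the auth tag

%% Wrap a 32-byte DataKey under a passphrase-derived key; file gets mode 0600
%% before any secret bytes are written to it.
store(Path, DataKey, Passphrase) when byte_size(DataKey) =:= 32 ->
    Salt  = crypto:strong_rand_bytes(16),
    Nonce = crypto:strong_rand_bytes(12),
    Kek   = kek(Passphrase, Salt),
    {Ct, Tag} = crypto:crypto_one_time_aead(aes_256_gcm, Kek, Nonce,
                                            DataKey, ?AAD, true),
    ok = file:write_file(Path, <<>>),
    ok = file:change_mode(Path, 8#600),
    file:write_file(Path, <<Salt/binary, Nonce/binary, Tag/binary, Ct/binary>>).

%% Refuse a key file that group or others can access, then unwrap the key.
load(Path, Passphrase) ->
    case file:read_file_info(Path) of
        {ok, #file_info{mode = Mode}} when Mode band 8#077 =/= 0 ->
            {error, insecure_permissions};
        {ok, _} ->
            case file:read_file(Path) of
                {ok, <<Salt:16/binary, Nonce:12/binary,
                       Tag:16/binary, Ct:32/binary>>} ->
                    unwrap(kek(Passphrase, Salt), Nonce, Ct, Tag);
                {ok, _}  -> {error, malformed_keyfile};
                Error    -> Error
            end;
        Error -> Error
    end.

%% GCM authentication fails on a wrong passphrase or a modified file.
unwrap(Kek, Nonce, Ct, Tag) ->
    case crypto:crypto_one_time_aead(aes_256_gcm, Kek, Nonce, Ct, ?AAD, Tag, false) of
        error   -> {error, bad_passphrase_or_tampered};
        DataKey -> {ok, DataKey}
    end.

kek(Passphrase, Salt) ->
    crypto:pbkdf2_hmac(sha256, Passphrase, Salt, ?ITER, 32).
```

The unwrapped key then lives only in the server's memory; the file on disk is useless without the passphrase, which is never stored.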