[erlang-questions] Encrypting/Decrypting data
Chad DePue
chad@REDACTED
Thu May 5 09:34:35 CEST 2011
I would strongly recommend reading Bruce Schneier's Practical Cryptography -
it is absolutely invaluable for building this type of system. Then, I'd
suggest reading Hacker News and searching for posts by tptacek
http://news.ycombinator.com/user?id=tptacek - his warnings regarding
building your own encryption system - even by just cobbling together secure
algorithms - should not be taken lightly. His most famous post on the
subject is "If you're typing the letters A-E-S into your code you're doing
it wrong" is worth reading.
http://chargen.matasano.com/chargen/2009/7/22/if-youre-typing-the-letters-a-e-s-into-your-code-youre-doing.html
Best,
Chad DePue
skype: cdepue
inakanetworks.com
On Sat, Apr 30, 2011 at 10:12 PM, Chris Hicks
<silent_vendetta@REDACTED>wrote:
> That certainly makes sense, and is a lot simpler than anything I was
> coming up with in my head. Thank you.
>
> > Subject: Re: [erlang-questions] Encrypting/Decrypting data
> > From: john@REDACTED
> > Date: Sat, 30 Apr 2011 20:31:47 -0400
> > CC: erlang-questions@REDACTED
> > To: silent_vendetta@REDACTED
>
> >
> > Chris,
> >
> > On Apr 30, 2011, at 6:25 PM, Chris Hicks wrote:
> >
> > > This is a bit more of a general question than Erlang specific but I
> hope someone here can answer this, or simply point me to a place where it
> has already been answered.
> > >
> > > I'm writing a server in which I will be storing encrypted user data
> (unlike Sony). My problem is probably a product of zero experience with
> encryption combined with a lack of sleep, but I can't figure out how to do
> this securely. By that I mean I understand how to use crypto to
> encrypt/decrypt a piece of data but the Key and the Ivec have to be the same
> for both the encryption and decryption otherwise it doesn't work...so how do
> I make this happen without storing those two things "out in the open?" It
> seems like that can't be the optimal solution since anyone who could just
> grab those and decrypt the data. Am I missing something completely obvious?
> >
> > You have it correct. The solution to your problem is to do what things
> like 'ssh' or Apache 'httpd' do, and use a key stored in a file with
> user-restricted permissions, which requires a passphrase to read. As your
> server starts, it will ask the user who starts it for the passphrase and
> then read the key.
> >
> > Regards,
> >
> > - John Kemp
> >
> > >
> > > Chris Hicks.
> > >
> > >
> > > _______________________________________________
> > > erlang-questions mailing list
> > > erlang-questions@REDACTED
> > > http://erlang.org/mailman/listinfo/erlang-questions
> >
>
> _______________________________________________
> erlang-questions mailing list
> erlang-questions@REDACTED
> http://erlang.org/mailman/listinfo/erlang-questions
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20110505/708ccbf5/attachment.htm>
More information about the erlang-questions
mailing list