[erlang-questions] Encrypting/Decrypting data

Chris Hicks <>
Thu May 5 17:15:30 CEST 2011


I will certainly look into those things, thank you.

From: 
Date: Thu, 5 May 2011 04:34:35 -0300
Subject: Re: [erlang-questions] Encrypting/Decrypting data
To: 
CC: 

I would strongly recommend reading Bruce Schneier's Practical Cryptography - it is absolutely invaluable for building this type of system. Then, I'd suggest reading Hacker News and searching for posts by tptacek http://news.ycombinator.com/user?id=tptacek - his warnings regarding building your own encryption system - even by just cobbling together secure algorithms - should not be taken lightly. His most famous post on the subject is "If you're typing the letters A-E-S into your code you're doing it wrong" is worth reading.


http://chargen.matasano.com/chargen/2009/7/22/if-youre-typing-the-letters-a-e-s-into-your-code-youre-doing.html



Best,Chad DePue
skype: cdepue
inakanetworks.com  
On Sat, Apr 30, 2011 at 10:12 PM, Chris Hicks <> wrote:







That certainly makes sense, and is a lot simpler than anything I was coming up with in my head. Thank you.

> Subject: Re: [erlang-questions] Encrypting/Decrypting data
> From: 


> Date: Sat, 30 Apr 2011 20:31:47 -0400
> CC: 
> To: 


> 
> Chris,
> 
> On Apr 30, 2011, at 6:25 PM, Chris Hicks wrote:
> 
> > This is a bit more of a general question than Erlang specific but I hope someone here can answer this, or simply point me to a place where it has already been answered.


> > 
> > I'm writing a server in which I will be storing encrypted user data (unlike Sony). My problem is probably a product of zero experience with encryption combined with a lack of sleep, but I can't figure out how to do this securely. By that I mean I understand how to use crypto to encrypt/decrypt a piece of data but the Key and the Ivec have to be the same for both the encryption and decryption otherwise it doesn't work...so how do I make this happen without storing those two things "out in the open?" It seems like that can't be the optimal solution since anyone who could just grab those and decrypt the data. Am I missing something completely obvious?


> 
> You have it correct. The solution to your problem is to do what things like 'ssh' or Apache 'httpd' do, and use a key stored in a file with user-restricted permissions, which requires a passphrase to read. As your server starts, it will ask the user who starts it for the passphrase and then read the key. 


> 
> Regards,
> 
> - John Kemp
> 
> > 
> > Chris Hicks.
> > 
> > 
> > _______________________________________________
> > erlang-questions mailing list


> > 
> > http://erlang.org/mailman/listinfo/erlang-questions


> 
 		 	   		  

_______________________________________________

erlang-questions mailing list



http://erlang.org/mailman/listinfo/erlang-questions



 		 	   		  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20110505/8e0f7a4f/attachment.html>


More information about the erlang-questions mailing list