[erlang-questions] Encrypting/Decrypting data

John Kemp john@REDACTED
Sun Oct 30 21:29:11 CET 2011


On Oct 30, 2011, at 12:58 PM, Kristen Eisenberg wrote:

> This is a bit more of a general question than Erlang specific but I hope someone here can answer this, or simply point me to a place where it has already been answered.
> I'm writing a server in which I will be storing encrypted user data (unlike Sony). My problem is probably a product of zero experience with encryption combined with a lack of sleep, but I can't figure out how to do this securely. By that I mean I understand how to use crypto to encrypt/decrypt a piece of data, but the Key and the Ivec have to be the same for both the encryption and decryption, otherwise it doesn't work... so how do I make this happen without storing those two things "out in the open?" It seems like that can't be the optimal solution, since anyone could just grab those and decrypt the data. Am I missing something completely obvious?

No, you've pretty clearly stated the problem with doing encryption. In order to make it useful, the encrypted data and the key(s) used for encryption and decryption should not be stored in the same place, otherwise you miss the point of encrypting the data to begin with.

So the question mostly comes down to the requirements for your system and the particular threat you are trying to mitigate with encryption - is the pain of encrypting the data worth it? If the answer is yes, then you (at a minimum) need to lock down the database serving machine such that only your app servers (yes, separate machines if you are that concerned about security) can access it. You need to protect the encryption key using a passphrase which is given to the app server when it is started (i.e. typed in by a human) or stored protected on disk (i.e. root access only).

- John
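
One way to implement the passphrase-protected key described in the reply above, as an added example that is not part of the original thread. The module name `keywrap`, its function names, the PBKDF2 iteration count and the on-disk layout are assumptions; it uses AES-256-GCM with a fresh random IV stored next to each ciphertext (the IV must be unique but does not need to be secret), and needs OTP 24.2 or later for `crypto:pbkdf2_hmac/5`.

```erlang
%% Added example, not code from the thread. Names and layout are hypothetical.
-module(keywrap).
-export([new_key/1, unwrap_key/2, encrypt/2, decrypt/2, demo/0]).

-define(ITER, 600000).  % assumed PBKDF2 work factor; tune for your hardware

%% Derive a key-encryption key (KEK) from the operator's passphrase.
kek(Passphrase, Salt) ->
    crypto:pbkdf2_hmac(sha256, Passphrase, Salt, ?ITER, 32).

%% AES-256-GCM. The IV is random per message and is not secret, so it is
%% stored in front of the tag and ciphertext: <<IV:12, Tag:16, CT/binary>>.
encrypt(Key, Plain) ->
    IV = crypto:strong_rand_bytes(12),
    {CT, Tag} = crypto:crypto_one_time_aead(aes_256_gcm, Key, IV, Plain, <<>>, true),
    <<IV/binary, Tag/binary, CT/binary>>.

%% Returns {ok, Plain}, or an error if the key is wrong or data was modified.
decrypt(Key, <<IV:12/binary, Tag:16/binary, CT/binary>>) ->
    case crypto:crypto_one_time_aead(aes_256_gcm, Key, IV, CT, <<>>, Tag, false) of
        error -> {error, bad_key_or_tampered};
        Plain -> {ok, Plain}
    end.

%% One-time setup: make a random data key and return it together with the
%% wrapped form <<Salt:16, WrappedKey/binary>>. Only the wrapped form is
%% written to disk on the app server; nothing key-related goes in the database.
new_key(Passphrase) ->
    Salt = crypto:strong_rand_bytes(16),
    DataKey = crypto:strong_rand_bytes(32),
    Wrapped = encrypt(kek(Passphrase, Salt), DataKey),
    {DataKey, <<Salt/binary, Wrapped/binary>>}.

%% At server start: a human supplies the passphrase; the data key then
%% exists only in the memory of the running node.
unwrap_key(Passphrase, <<Salt:16/binary, Wrapped/binary>>) ->
    decrypt(kek(Passphrase, Salt), Wrapped).

demo() ->
    Pass = <<"constructed example passphrase">>,
    {Key, OnDisk} = new_key(Pass),
    Row = encrypt(Key, <<"user record">>),          % stored in the database
    {ok, Key} = unwrap_key(Pass, OnDisk),           % after a restart
    {ok, <<"user record">>} = decrypt(Key, Row),
    {error, _} = unwrap_key(<<"wrong">>, OnDisk),   % wrong passphrase is rejected
    ok.
```

Compile with `c(keywrap).` in an Erlang shell and call `keywrap:demo().`, which returns `ok` when every step behaves as commented.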

> Chris Hicks.
> 