[erlang-questions] Encrypting/Decrypting data

Jon Watte jwatte@REDACTED
Mon Oct 31 04:45:43 CET 2011


Crypto is actually quite hard, and building something "perfectly secure" is
even harder (some say impossible).

For passwords, it's often the case that you want to store the password
salted and one-way encrypted using something like bcrypt() to avoid brute
force attacks.

For credit card information, medical information, and similar, the
technical requirements may be significantly harder -- it may very well
include dedicated hardware that can be called upon to encrypt/decrypt data,
but does not leak the key separately.

A good book to get an understanding of many nuances is "Applied
Cryptography" by Schneier.
http://www.amazon.com/Applied-Cryptography-Protocols-Algorithms-Source/dp/0471117099
If you actually want to implement crypto in your own system, you can do a
*lot* worse than reading that book!
(And, yes, crypto requires overall systems approaches; dropping an
algorithm in some low-level code is not sufficient for most kinds of
attacks you want to defend against)

Sincerely,

jw

--
Americans might object: there is no way we would sacrifice our living
standards for the benefit of people in the rest of the world. Nevertheless,
whether we get there willingly or not, we shall soon have lower consumption
rates, because our present rates are unsustainable.



On Sun, Oct 30, 2011 at 9:58 AM, Kristen Eisenberg <kristen.eisenberg@REDACTED> wrote:

> This is a bit more of a general question than Erlang specific but I hope
> someone here can answer this, or simply point me to a place where it has
> already been answered.
> I'm writing a server in which I will be storing encrypted user data
> (unlike Sony). My problem is probably a product of zero experience with
> encryption combined with a lack of sleep, but I can't figure out how to do
> this securely. By that I mean I understand how to use crypto to
> encrypt/decrypt a piece of data but the Key and the Ivec have to be the
> same for both the encryption and decryption otherwise it doesn't work...so
> how do I make this happen without storing those two things "out in the
> open?" It seems like that can't be the optimal solution since anyone
> could just grab those and decrypt the data. Am I missing something
> completely obvious?
> Chris Hicks.
>
> Kristen Eisenberg
>