Crypto is actually quite hard, and building something "perfectly secure" is even harder (some say impossible).<div><br><div>For passwords, it's often the case that you want to store the password salted and one-way encrypted using something like bcrypt() to avoid brute force attacks.</div>
<div><br></div><div>For credit card information, medical information, and similar, the technical requirements may be significantly harder -- it may very well include dedicated hardware that can be called upon to encrypt/decrypt data, but does not leak the key separately.</div>
<div><br></div><div>A good book to get an understanding of many nuances is "Applied Cryptography" by Schneier. <a href="http://www.amazon.com/Applied-Cryptography-Protocols-Algorithms-Source/dp/0471117099">http://www.amazon.com/Applied-Cryptography-Protocols-Algorithms-Source/dp/0471117099</a><br clear="all">
If you actually want to implement crypto in your own system, you can do a *lot* worse than reading that book!</div><div>(And, yes, crypto requires overall systems approaches; dropping an algorithm in some low-level code is not sufficient for most kinds of attacks you want to defend against)</div>
<div><br></div><div>Sincerely,</div><div><br></div><div>jw</div><div><br>--<br>Americans might object: there is no way we would sacrifice our living standards for the benefit of people in the rest of the world. Nevertheless, whether we get there willingly or not, we shall soon have lower consumption rates, because our present rates are unsustainable. <br>
<br>
<br><br><div class="gmail_quote">On Sun, Oct 30, 2011 at 9:58 AM, Kristen Eisenberg <span dir="ltr"><<a href="mailto:kristen.eisenberg@yahoo.com">kristen.eisenberg@yahoo.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<div><div style="color:#000;background-color:#fff;font-family:times new roman, new york, times, serif;font-size:12pt"><div>This is a bit more of a general question than Erlang specific but I hope someone here can answer this, or simply point me to a place where it has already been answered.<br>
I'm writing a server in which I will be storing encrypted user data (unlike Sony). My problem is probably a product of zero experience with encryption combined with a lack of sleep, but I can't figure out how to do this securely. By that I mean I understand how to use crypto to encrypt/decrypt a piece of data but the Key and the Ivec have to be the same for both the encryption and decryption otherwise it doesn't work...so how do I make this happen without storing those two things "out in the open?" It seems like that can't be the optimal solution since anyone who could just grab those and decrypt the data. Am I missing something completely
obvious?<br>Chris Hicks.</div><div><br></div><div>
<div class="MsoNormal"><span lang="DE">Kristen Eisenberg</span></div>
<div class="MsoNormal"><span lang="DE">Billige Flüge</span></div>
<div class="MsoNormal"><span lang="DE">Marketing GmbH</span></div>
<div class="MsoNormal"><span lang="DE">Emanuelstr. 3,</span></div>
<div class="MsoNormal"><span lang="DE">10317 Berlin</span></div>
<div class="MsoNormal"><span lang="DE">Deutschland</span></div>
<div class="MsoNormal"><span lang="DE">Telefon: +49 (33)</span></div>
<div class="MsoNormal"><span lang="DE">5310967</span></div>
<div class="MsoNormal"><span lang="DE">Email:</span></div>
<div class="MsoNormal"><span lang="DE">utebachmeier at</span></div>
<div class="MsoNormal"><span lang="DE"><a href="http://gmail.com" target="_blank">gmail.com</a></span></div>
<div class="MsoNormal"><span lang="DE">Site:</span></div>
<div class="MsoNormal"><span lang="DE"><a href="http://flug.airego.de" target="_blank">http://flug.airego.de</a>
- Billige Flüge vergleichen</span></div></div></div></div><br>_______________________________________________<br>
erlang-questions mailing list<br>
<a href="mailto:erlang-questions@erlang.org">erlang-questions@erlang.org</a><br>
<a href="http://erlang.org/mailman/listinfo/erlang-questions" target="_blank">http://erlang.org/mailman/listinfo/erlang-questions</a><br>
<br></blockquote></div><br></div></div>