On Thu, Jun 22, 2000 at 11:55:12PM -0400, Steve Sobol wrote:
> ...
> I am most worried about people being able to get access to the
> database in the event root is compromised. (This is a Linux box that I
> am
> dealing with). After I sent my original question, I decided that the
> only
> safe wa
Rich Salz wrote:
>
> > Hello again, folks. I have a bit of a dilemma here.
>
> Yes, you do.
Hey, I'm flattered - I received a reply from Mr. INN. ;) Thanks
for your reply. Thanks also to Dr. Henson and Michael Sierchio
for theirs.
There are two issues at hand:
1) picking the appropriate ciphe
> Hello again, folks. I have a bit of a dilemma here.
Yes, you do.
You need to look at what you are trying to protect yourself from.
For example, are you worried that someone can download your database?
If so, why are you not worried that they could download your decrypt program?
If they can do
Michael Sierchio wrote:
>
> Somebody wrote:
>
> > A 128 key is more than enough for the forseeable future. However your
> > original code used a fixed key with RC4. Since RC4 is a stream cipher
> > this is horribly insecure.
> >
> > A stream cipher is effectively a random stream of bytes derived
Somebody wrote:
> A 128 key is more than enough for the forseeable future. However your
> original code used a fixed key with RC4. Since RC4 is a stream cipher
> this is horribly insecure.
>
> A stream cipher is effectively a random stream of bytes derived from the
> key. This is XOR'ed with the
Steve Sobol wrote:
>
> Steve Sobol wrote:
> >
> > Hello again, folks. I have a bit of a dilemma here.
>
> I also put a comment into the source code that said I was considering
> using a longer key. Now that I think about it - does that buy me
> anything,
> or is a 128-bit key enough?
>
A 128 k
Steve Sobol wrote:
>
> Hello again, folks. I have a bit of a dilemma here.
I also put a comment into the source code that said I was considering
using a longer key. Now that I think about it - does that buy me
anything,
or is a 128-bit key enough?
--
North Shore Technologies, Cleveland, OH
ht
Hello again, folks. I have a bit of a dilemma here.
The dilemma involves encrypting sensitive data like credit card
account numbers, to be saved in an online database. The real problem
is that I need to be able to decrypt them without having to enter
a passphrase of any sort from the server's key
