Do you have a question? Post it now! No Registration Necessary. Now with pictures!
May 9, 2007, 3:29 am
rate this thread
requiring either a single key in symmetrical encryption algorithms or
public/private keys in asymmetrical algorithms, but how these keys
should be distributed?
Embed the key(s) within the application executable is a very
vulnerable approach, since an attacker may trace API calls, or run the
application under a debugger and simply halt the program when the keys
has been reconstructed.
And what about the risk to distribute the key in every exeucutable
copy embedded within, if some attacker gets this key it can make it
public, and every user of this application may use it to break its own
Can anyone give me any suggestion? Or point me in the correct
direction to avoid these problems?
- » Second International Workshop on Critical Information Infrastructures Security (CRITIS'07)
- — Next thread in » General Computer Security
- » HPSBMA02138 SSRT061184 rev.3 - HP OpenView Storage Data Protector, Remote Unauthorized Arb...
- — Previous thread in » General Computer Security
- » ssh on command line: force using a group size (prime size) of 1024 (and no...
- — The site's Newest Thread. Posted in » Secure Shell Forum