U++ forum: Welcome to the forum

Search on this site

Search in forums

Home » Developing U++ » UppHub » Encrypted storage with streaming (OpenSSL, AES)

Show: Today's Messages :: Show Polls :: Message Navigator
E-mail to friend

Re: Encrypted storage with streaming (OpenSSL, AES) [message #25774 is a reply to message #25773]

Thu, 11 March 2010 11:01

koldo
Messages: 3358
Registered: August 2008

Senior Veteran

Mindtraveller wrote on Thu, 11 March 2010 10:53

The truth is that you MUST
1) Use strong key with AES, not password
2) Not to hardcode the key in the code in ANY way

So what is the solution? You take user password. And then you DERIVE strong key from it. Then you "forget" user password, you just don't need it at all. You do encryption with that relatively strong key (i.e. SHA from user password - see my recent comment).

Next time user enters password, you derive the key with the same function (i.e. SHA) and try to decompress AESStream. If decomression fails, then original password and the one entered is not the same (incorrect password).

It is really not that hard.

Could you implement this in AESStream ?

Best regards
Iñaki

Report message to a moderator

[Message index]

		Encrypted storage with streaming (OpenSSL, AES) By: Mindtraveller on Wed, 16 September 2009 22:17
		Re: Encrypted storage with streaming (OpenSSL, AES) By: koldo on Thu, 17 September 2009 09:34
		Re: Encrypted storage with streaming (OpenSSL, AES) By: Weras on Thu, 17 September 2009 19:57
		Re: Encrypted storage with streaming (OpenSSL, AES) By: koldo on Thu, 17 September 2009 22:55
		Re: Encrypted storage with streaming (OpenSSL, AES) By: Mindtraveller on Fri, 18 September 2009 11:20
		Re: Encrypted storage with streaming (OpenSSL, AES) By: tojocky on Fri, 18 September 2009 12:28
		Re: Encrypted storage with streaming (OpenSSL, AES) By: koldo on Fri, 18 September 2009 13:23
		Re: Encrypted storage with streaming (OpenSSL, AES) By: Mindtraveller on Fri, 18 September 2009 14:01
		Re: Encrypted storage with streaming (OpenSSL, AES) By: koldo on Fri, 18 September 2009 23:01
		Re: Encrypted storage with streaming (OpenSSL, AES) By: kasome on Wed, 23 September 2009 03:29
		Re: Encrypted storage with streaming (OpenSSL, AES) By: koldo on Sat, 20 February 2010 17:08
		Re: Encrypted storage with streaming (OpenSSL, AES) By: Mindtraveller on Sat, 20 February 2010 23:19
		Re: Encrypted storage with streaming (OpenSSL, AES) By: koldo on Sun, 21 February 2010 08:07
		Re: Encrypted storage with streaming (OpenSSL, AES) By: koldo on Sun, 21 February 2010 10:38
		Re: Encrypted storage with streaming (OpenSSL, AES) By: Mindtraveller on Sun, 21 February 2010 12:01
		Re: Encrypted storage with streaming (OpenSSL, AES) By: koldo on Sun, 21 February 2010 15:40
		Re: Encrypted storage with streaming (OpenSSL, AES) By: koldo on Sun, 21 February 2010 16:01
		Re: Encrypted storage with streaming (OpenSSL, AES) By: koldo on Sun, 21 February 2010 19:25
		Re: Encrypted storage with streaming (OpenSSL, AES) By: Mindtraveller on Mon, 22 February 2010 00:48
		Re: Encrypted storage with streaming (OpenSSL, AES) By: koldo on Mon, 22 February 2010 07:54
		Re: Encrypted storage with streaming (OpenSSL, AES) By: Mindtraveller on Mon, 22 February 2010 08:31
		Re: Encrypted storage with streaming (OpenSSL, AES) By: koldo on Mon, 22 February 2010 08:50
		Re: Encrypted storage with streaming (OpenSSL, AES) By: koldo on Mon, 22 February 2010 11:55
		Re: Encrypted storage with streaming (OpenSSL, AES) By: Mindtraveller on Mon, 22 February 2010 12:24
		Re: Encrypted storage with streaming (OpenSSL, AES) By: koldo on Mon, 22 February 2010 12:46
		Re: Encrypted storage with streaming (OpenSSL, AES) By: tojocky on Mon, 22 February 2010 15:19
		Re: Encrypted storage with streaming (OpenSSL, AES) By: koldo on Mon, 22 February 2010 16:46
		Building with MSC9 By: kohait00 on Wed, 03 March 2010 23:17
		Re: Building with MSC9 By: koldo on Sat, 06 March 2010 01:49
		Re: Building with MSC9 By: kohait00 on Sun, 07 March 2010 11:24
		Re: Building with MSC9 By: koldo on Sun, 07 March 2010 13:47
		Re: Building with MSC9 By: kohait00 on Sun, 07 March 2010 16:08
		Re: Encrypted storage with streaming (OpenSSL, AES) By: koldo on Wed, 10 March 2010 17:09
		Re: Encrypted storage with streaming (OpenSSL, AES) By: kohait00 on Wed, 10 March 2010 20:54
		Re: Encrypted storage with streaming (OpenSSL, AES) By: koldo on Wed, 10 March 2010 21:33
		Re: Encrypted storage with streaming (OpenSSL, AES) By: kohait00 on Wed, 10 March 2010 22:36
		Re: Encrypted storage with streaming (OpenSSL, AES) By: koldo on Thu, 11 March 2010 09:12
		Re: Encrypted storage with streaming (OpenSSL, AES) By: kohait00 on Thu, 11 March 2010 10:29
		Re: Encrypted storage with streaming (OpenSSL, AES) By: Mindtraveller on Thu, 11 March 2010 10:53
		Re: Encrypted storage with streaming (OpenSSL, AES) By: koldo on Thu, 11 March 2010 11:01
		Re: Encrypted storage with streaming (OpenSSL, AES) By: Mindtraveller on Fri, 12 March 2010 21:41
		Re: Encrypted storage with streaming (OpenSSL, AES) By: koldo on Sun, 14 March 2010 15:27
		bazaar: DeEncrypter By: kohait00 on Thu, 05 August 2010 21:09
		Re: bazaar: DeEncrypter By: Mindtraveller on Sat, 07 August 2010 07:14
		Re: bazaar: DeEncrypter By: kohait00 on Sun, 08 August 2010 11:05
		Re: bazaar: DeEncrypter By: Mindtraveller on Tue, 10 August 2010 15:33
		Re: bazaar: DeEncrypter By: kohait00 on Tue, 10 August 2010 15:46
		Re: bazaar: DeEncrypter By: Mindtraveller on Tue, 10 August 2010 21:14
		Re: bazaar: DeEncrypter By: kohait00 on Tue, 10 August 2010 21:42
		Re: bazaar: DeEncrypter By: Mindtraveller on Wed, 11 August 2010 09:43
		Re: bazaar: DeEncrypter By: koldo on Wed, 11 August 2010 15:29
		Re: bazaar: DeEncrypter By: Mindtraveller on Thu, 12 August 2010 10:22
		Re: bazaar: DeEncrypter By: koldo on Thu, 12 August 2010 13:54
		Re: bazaar: DeEncrypter By: kohait00 on Tue, 17 August 2010 15:58
		Re: bazaar: DeEncrypter By: koldo on Fri, 25 February 2011 18:52
		Re: bazaar: DeEncrypter By: Mindtraveller on Thu, 21 April 2011 14:28
		Re: Encrypted storage with streaming (OpenSSL, AES) By: Alboni on Fri, 23 August 2013 01:59

Previous Topic:	Protect packages - split code encryption,client and server
Next Topic:	Added single and double linked lists

Goto Forum:

-=] Back to Top [=-

[ Syndicate this forum (XML) ] [

] [

]

Current Time: Mon Apr 29 11:03:34 CEST 2024

Total time taken to generate the page: 0.02332 seconds