lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Tue, 10 Apr 2012 08:33:42 -0700
From: Gage Bystrom <themadichib0d@...il.com>
To: Erki Männiste <Erki.Manniste@...media.ee>, 
	"full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk>
Subject: Re: keeping data safe offline

The best you could do without internet access to store the keys is to
implement a strong crypting method on the app itself and use every trick
you can that would piss off a reverse engineer.
On Apr 9, 2012 2:26 PM, "Erki Männiste" <Erki.Manniste@...media.ee> wrote:

> I am developing a software that is going to be distributed to end-users on
> usb sticks. The application and the content will be stored on that device
> and the content will be stored in a one-file sqlCE database, it will be
> crypted by default and will be encrypted by the application on-the-fly.
> My client has made it clear, that he wants to keep end-users from copying
> the content and using it on any other device but that very stick. Now, due
> to the offline requirement this is impossible to achive because i have to
> store the encryption key somewhere in the code and users are able to access
> the data while in unencrypted state.
> Can anybody recommend me any mechanism that i could apply, to make it more
> difficult for users to copy the content?
>
> ERKI
>
>
> ------------------------------------------------------------------------
> Securing Apache Web Server with thawte Digital Certificate
> In this guide we examine the importance of Apache-SSL and who needs an SSL
> certificate.  We look at how SSL works, how it benefits your company and
> how your customers can tell if a site is secure. You will find out how to
> test, purchase, install and use a thawte Digital Certificate on your Apache
> web server. Throughout, best practices for set-up are highlighted to help
> you ensure efficient ongoing management of your encryption keys and digital
> certificates.
>
>
> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
> ------------------------------------------------------------------------
>
>

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux - Powered by OpenVZ