Suppose you installed the biggest, strongest, most secure lock in the world on your front door, but you put the key under the front door mat. It wouldn't really matter how strong the lock is, would it? The critical factor would be the poor way the key was protected, because if a burglar could find it, he'd have everything he needed to open the lock. Encrypted data works the same way: no matter how strong the crypto algorithm is, the data is only as safe as the key that can decrypt it.
Many operating system and cryptographic software products give you an option to store cryptographic keys on the computer. The advantage is convenience: you don't have to handle the key. But it comes at the cost of security. The keys are usually obfuscated (that is, hidden), and some of the obfuscation methods are quite good. But in the end, no matter how well hidden the key is, if it's on the computer it can be found. It has to be; after all, the software can find it, so a sufficiently motivated bad guy could find it, too. Whenever possible, use offline storage for keys. If the key is a word or phrase, memorize it. If not, export it to a floppy disk, make a backup copy, and store the copies in separate, secure locations. (All of you administrators out there who are using Syskey in "local storage" mode: you're going to reconfigure your server right this minute, right?)
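As an added illustration of the two approaches the post contrasts (this is example code written for this page, not part of the original post or of any product it mentions): a key kept on the machine behind a constructed XOR "obfuscation" mask is handed straight back by the same routine the software itself must run, whereas a key derived on demand from a memorized passphrase with PBKDF2 never exists on disk at all. The mask value, the passphrase and the payload are constructed for the demonstration; the salt is non-secret and may be stored beside the data.

```python
import hashlib
import hmac
import os
import secrets
import tempfile

# --- Approach 1: key stored on the computer, "hidden" by obfuscation ---
# Constructed mask standing in for whatever constant a product bakes into its binary.
OBFUSCATION_MASK = bytes.fromhex("5a" * 32)


def obfuscate(key: bytes) -> bytes:
    """XOR the key with a fixed mask. XOR is its own inverse, so the same call un-hides it."""
    return bytes(k ^ m for k, m in zip(key, OBFUSCATION_MASK))


def store_obfuscated_key(path: str, key: bytes) -> None:
    with open(path, "wb") as f:
        f.write(obfuscate(key))


def load_stored_key(path: str) -> bytes:
    """The routine the legitimate software runs at start-up. Anything that can read the
    file and the mask (both sit on the machine) gets the same result."""
    with open(path, "rb") as f:
        return obfuscate(f.read())


# --- Approach 2: key derived from a memorized passphrase, never written anywhere ---
def derive_key(passphrase: str, salt: bytes, iterations: int = 200_000) -> bytes:
    """PBKDF2-HMAC-SHA256. The salt is public; only the passphrase is secret, and it lives
    in the operator's head rather than on disk."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"), salt, iterations, dklen=32)


def tag(key: bytes, data: bytes) -> str:
    """Stand-in for 'the operation that needs the key' (here an HMAC-SHA256 tag)."""
    return hmac.new(key, data, "sha256").hexdigest()


def demo() -> dict:
    """Run both approaches on constructed data and report what can be recovered from disk."""
    payload = b"constructed payroll record"
    with tempfile.TemporaryDirectory() as workdir:
        keyfile = os.path.join(workdir, "app.key")
        stored_key = secrets.token_bytes(32)
        store_obfuscated_key(keyfile, stored_key)
        recovered = load_stored_key(keyfile)

        salt = secrets.token_bytes(16)  # non-secret; storing it on disk is fine
        k_right = derive_key("correct horse battery staple", salt)
        k_again = derive_key("correct horse battery staple", salt)
        k_wrong = derive_key("wrong passphrase", salt)

    return {
        # Stored key: fully recoverable from what is on the machine.
        "stored_key_recoverable_from_disk": recovered == stored_key,
        # Derived key: reproducible only by whoever knows the passphrase.
        "derived_key_reproducible": k_right == k_again,
        "wrong_passphrase_gives_different_key": k_right != k_wrong,
        "tag_over_payload": tag(k_right, payload),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The point of the comparison is the first line of the result: everything needed to turn the file back into the key (the file and the mask) is on the computer, so the obfuscation only raises the effort, never the security. With the passphrase approach the only thing on disk is the salt, which is useless on its own.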