September 19, 2005 at 8:34 pm
Any suggestions on how to hide the encryption key for a server side implementation of encryption on a SQL 2000 server? For example, store it in a registry key vs. a database table. What works best, what's most secure?
September 20, 2005 at 7:15 am
There's no great "secure" option on the db server. I'd look at a third-party product as they have dealt with this before and made lots of mistakes.
September 21, 2005 at 2:36 am
Saving keys anywhere in any form introduces some vulnerability ... but you can make it difficult for an attacker by making it as unobvious as possible - embed it in something, add garbage or encrypt the key itself, obfuscate (e.g. switch bytes) or split it into various locations (some bytes in the registry, some in a table, some in an ini file). However, anyone who has access to your code is going to have access to the key.
September 22, 2005 at 11:49 pm
If you are using Microsoft's Crypto API to do all your encryption, use the certificate store.
Julian Kuiters
juliankuiters.id.au
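An added example, not part of any post in this thread, of the certificate-store suggestion above: the data key is wrapped with a certificate's public key, so the value kept in a table or registry key is only the wrapped blob, and unwrapping needs the private key held in the store. It assumes Windows PowerShell 5.1 with .NET Framework 4.6 or later (not the SQL 2000-era tooling); the subject name `CN=ExampleKeyWrap` and the throwaway self-signed certificate are constructed for illustration.

```powershell
# Added example: assumes Windows PowerShell 5.1 / .NET Framework 4.6+.
# The certificate subject and the data key are constructed for this demo.
$store = 'Cert:\CurrentUser\My'

# 1. Provision a certificate whose private key stays in the store and is
#    marked non-exportable (in production an administrator issues this).
$cert = New-SelfSignedCertificate -Subject 'CN=ExampleKeyWrap' `
    -CertStoreLocation $store -Type DocumentEncryptionCert `
    -KeyUsage KeyEncipherment, DataEncipherment `
    -KeyExportPolicy NonExportable

try {
    # 2. Generate a random 256-bit data key (the key that encrypts the data).
    $dataKey = New-Object byte[] 32
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $rng.GetBytes($dataKey)

    # 3. Wrap the data key with the certificate's RSA public key.
    #    Only this wrapped value is written to the table, registry or file.
    $ext = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]
    $pad = [System.Security.Cryptography.RSAEncryptionPadding]::OaepSHA256
    $wrapped = $ext::GetRSAPublicKey($cert).Encrypt($dataKey, $pad)
    $storedValue = [Convert]::ToBase64String($wrapped)

    # 4. At run time: find the certificate by thumbprint and unwrap.
    #    This succeeds only for an account with access to the private key.
    $found = Get-Item (Join-Path $store $cert.Thumbprint)
    $rsaPrivate = $ext::GetRSAPrivateKey($found)
    $unwrapped = $rsaPrivate.Decrypt([Convert]::FromBase64String($storedValue), $pad)

    # 5. Confirm the round trip without printing key material.
    $same = [Convert]::ToBase64String($unwrapped) -eq [Convert]::ToBase64String($dataKey)
    if (-not $same) { throw 'Unwrapped key does not match the original data key.' }
    "Wrapped key length: $($wrapped.Length) bytes; round trip OK: $same"
}
finally {
    # Remove the demo certificate together with its private key.
    Remove-Item (Join-Path $store $cert.Thumbprint) -DeleteKey
}
```

Access to the key then depends on the ACL of the certificate's private key rather than on read access to the database or the application code.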