How to manage a key in a symmetric algorithm

Question

How to manage a key in a symmetric algorithm

I am doing AES encryption in my C # code using a key that is generated using a function PasswordDerivedKey, passing a password and salt of 12 bytes. I implemented the logic in the application code, and the “password” is the name of the user of the registered user, and the salt is static byte-aray.

What is the best way to store password and salt, as someone can easily determine the salt (reflecting my code) and username.

What are the alternatives I can take to safely store my password and salt. I don't think storing them in my application code is the best way to do this.

Change . By password, I meant the access key used in the PBKDF function (to get the encryption key), and not the password provided by the user. I am using windows authentication

+3

c # .net cryptography

Bhaskar Nov 12 '10 at 13:28

source share

4 answers

? , Windows Authentication , , . , . 100% ( , root-), .

, . . , , , , , . , , , , .

+2

Dan Bryant 12 . '10 14:21

- , :

/

( ) . , .

+1

Aliostad 12 . '10 13:35

, . , ( Kindle).

,

http://msdn.microsoft.com/en-us/library/2c64xe0y(v=VS.90).aspx

, Windows.

" ", .

( ) , .

1) , .

1a) ,

2)

3) .

4) , .

. Windows, , . . Windows ( Windows), , . (), , . , .

0

Gerald Davis 17 . '10 7:53

Gerald Davis · Accepted Answer · 2010-11-12T13:41:29+0000

Why do you need to save your password if it's just an encrypted version of your Windows username?

Anytime you need to encrypt / decrypt, you know that the username can generate the key dynamically.

Salt should never be considered a safe asset. No need to hide it. You should always assume that the attacker knows the salt. Salt is just a mechanism to defeat rainbow tables and other quick searches.

Is there something I don't see?

. , / . . ( ).

. , , . , :

a) , -, .

b)... ... /

c) .

c - , .

How to manage a key in a symmetric algorithm

More articles: