Name | Modified | Size | Downloads / Week |
---|---|---|---|
Current Version | 2011-02-19 | ||
Previous Versions | 2011-02-08 | ||
readme.txt | 2011-02-19 | 3.9 kB | |
Totals: 3 Items | 3.9 kB | 0 |
19.2.2011 superwj5 on LockandLoad: Hi, today I've released a primitive version of the Encryption and Hashing class library along with a test project. Soon, I will be adding documentation, then the generation of key files and such and their verification. Hope you like it! And yes, I've been thinking about the storage of the keys and such and have come up with a model I would implement in the application (or perhaps credential provider?). As most of you know, many security systems use salts, just as the model below: Salt______________________________________ \ \ \ \ \ \ \ \ \ \ Final Hash / / / / / / / / / User Credentials__________________________/ Well, I do not want to store any component twice, nor do I want to directly store the User Credentials, which would ruin the entire point to store hashes. I must place the Final Hash on the computer and if I put the Salt on the computer there is no way you can validate any Removable Device. If you place the Salt on the Removale Device, if the user loses the key and needs to enter the User Credentials to access the system again, he would need the key, which he has already lost. Therefore, I came up with the following model where the extra object I will call "Sugar" for the mean time as in correspondence to Salt: Salt______________________________________ \ \ \ \ \ \ \ \ \ \ Final Hash Sugar____________________ / \ / \ / \ / \ / Sugar Hash________/ / / / / User Credentials________/ The Salt, Sugar, and Final Hash will be stored on the computer, and the Sugar Hash will be stored on the key. When the user inserts the key, the application (or perhaps credential provider?) would take the Sugar Hash stored on the key and calculate its hash with the salt as a key, then verify it to the final hash. If the user loses the key, the user may enter his credentials and, using the Sugar as a key, the Sugar Hash would be calculated, from which you may calculate with the Salt to obtain and verify the Final Hash. Well, thats it for now and have a good time! :)