Skip to main content
Information Security

You are not logged in. Your edit will be placed in a queue until it is peer reviewed.

We welcome edits that make the post easier to understand and more valuable for readers. Because community members review edits, please try to make the post substantially better than how you found it, for example, by fixing grammar or adding additional resources and hyperlinks.

4
  • Thank you! I'd like to check my understanding of your last paragraph. Fx in the case of an webapp. Is it: a) create secret key $K and store this as a constant in the webapp code. b) Create $nonce. c) Create $mac as HMAC-SHA256($nonce$password)[$K] d) Store $nonce and $mac in the database. Is that correctly understood? (And I understand you're not recommending this, only mentioning it as a possibility.) Commented Apr 19, 2011 at 13:19
  • 2
    "secret" and "store as a constant in the code" do not work well together. A secret key should be kept in RAM only; it may be tolerated that the secret key is stored in a private file somewhere (that's how SSH server keep the server key) but, depending on the operating system, this may or may not be easy. The whole point of using that key is that it is "more secret" than the database contents. Commented Apr 19, 2011 at 14:11
  • 1
    @Jesper and of course, this brings you back 'round to key management, which is a sticky subject all on it's own. Commented Apr 20, 2011 at 18:36
  • 1
    @ThomasPornin upvoted but I would argue that the point of the key is to be "differently secret", rather than "more secret". Breaking into the database (e.g. with SQL injection) does not necessarily bring you any closer to the source code / binaries. I just don't see why not do it. Commented Aug 12, 2017 at 11:16