Thread: Looking for Suggestions on Hash Key Creation
View Single Post
  #2 (permalink)  
Old 03-26-2008, 02:17 AM
Todd H.
Guest
  
Posts: n/a
Default Re: Looking for Suggestions on Hash Key Creation
jwwest <jwwest@gmail.com> writes:

> I'm building a CGI eCommerce store and I'm looking for ways to create
> a decent 2 way encryption. Of course in a scripted language, I don't
> want my key in the script itself, but would rather store it somewhere
> obfuscated such as in a compiled C++ binary. (I know it doesn't help -
> much-, but defense in layers)
>
> A .NET programmer friend of mine uses a method that involves
> generating a hash from the Volume ID of the hard drive to use as a
> key. I like this approach, but am wary of hardware/software changes
> that will break my key.
>
> Am I going about this the correct way? Is there a better method for
> creating a decently secure 2 way encryption using a scripted language?
>
> Any help is very much appreciated. Thanks.

The path to hell is paved with such intentions. :-)

You may get a lot of mileage out of the OWASP Guide to web
application security, specifically this chapter:
http://www.owasp.org/index.php/Cryptography

More generally
http://www.owasp.org/index.php/Guide_Table_of_Contents

Best Regards,
--
Todd H.
http://www.toddh.net/

Reply With Quote