Law #7: Encrypted data is only as secure as its decryption key
Suppose you installed the biggest, strongest, most secure lock in the world on your front door, but you put the key under the front door mat. It wouldn't really matter how strong the lock is, would it? The critical factor would be the weak way the key was protected, because if a burglar could find it, he'd have everything he needed to open the lock. Encrypted data works the same way—no matter how strong the crypto algorithm is, the data is only as safe as the key that can decrypt it.
Many operating systems and cryptographic software products give you an option to store cryptographic keys on the computer. The advantage is convenience – you don't have to handle the key – but it comes at the cost of security. Simply put, no matter how well the keys are hidden on the system, the software has to be able to find them – and if it can, so can a sufficiently motivated bad guy.
A better solution is to store them in a protected repository. For instance, the Trusted Platform Module (TPM) chip that’s present on most computers is designed to strongly protect cryptographic keys, and release them only when a PIN is entered. Smart cards provide similar protection, and their portability means that you can also physically separate them from the computer. But the best “protected repository” is your brain – if the key is a word or phrase, memorize it.
If you need help with your network's security, please contact DNS today. (http://dynamicsupport.com/)
Source: http://technet.microsoft.com/
No comments:
Post a Comment