Techious
http://www.techious.com/forums/

So after all this cipher stuff...
http://www.techious.com/forums/viewtopic.php?f=8&t=7097

Author:  azcn2503 [ Tue Jun 28, 2011 6:21 pm ]
Post subject:  So after all this cipher stuff...

A lot of systems in the last few weeks/months/50days got hacked and their information leaked in a plain text format.

I have a concept that I think could work to help further protect people's information in the event that someone breached a database somewhere, and I believe it should be a common practice. However, I know that it is not.

For every record in a database that contains personal information, it would make sense to encrypt that data. So for example, their credit card number, or their email address, or their real address. The encryption key could be some combination of their username and password hash, combined with a date/time of registration, last login, last transaction, and/or some other secret pass phrase.

This way, every record in the database would be encrypted differently and it would be extremely tough to crack unless they had access to the files that decrypted the information - which should obviously not be hosted publicly (server screws up and loses PHP plugin for example - all the raw source code would display).

Of course, this does not protect against inside attacks. It never has done and never will do.

I'm going to try to do something like this on webtagr.com this week if I get the time. Which I won't.

Author:  Ogris [ Wed Jun 29, 2011 12:14 am ]
Post subject:  Re: So after all this cipher stuff...

Except... it is encrypted. The last link from LulzSec was all encrypted passwords. Sony was the only idiot storing stuff in plaintext (Seriously?)

Author:  azcn2503 [ Wed Jun 29, 2011 5:31 am ]
Post subject:  Re: So after all this cipher stuff...

Did they say how well the data was encrypted?

Author:  Ogris [ Wed Jun 29, 2011 9:49 pm ]
Post subject:  Re: So after all this cipher stuff...

Sony's data? They might as well have had a big sign saying HACK ME plastered all over their back. No idea about other companies.

Author:  azcn2503 [ Thu Jun 30, 2011 7:14 am ]
Post subject:  Re: So after all this cipher stuff...

But once the hack was made, the data was available in plaintext right?

Author:  Si [ Thu Jun 30, 2011 10:45 am ]
Post subject:  Re: So after all this cipher stuff...

a) Are we mistaking hash for encrypt in places? They are different functions and have different usefulnesses in different places.

b) It doesn't matter how well something is encrypted. All good security should depend on the key being private and a good algorithm; even if a database is leaked, without the correct key the data should be entirely useless.
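
The per-record encryption idea from the opening post, together with Si's point that a leaked database should be useless without the key, as an added example that is not code from any poster in this thread. It assumes PHP with the OpenSSL extension and a master secret stored outside the database; the function names (`recordKey`, `encryptField`, `decryptField`) are hypothetical, and the user id and field name stand in for the per-record values.

```php
<?php
// Added example, not code from the thread. Assumption: $masterKey is a 32-byte
// secret loaded from outside the database and web root (constructed below).

function recordKey(string $masterKey, int $userId, string $field): string
{
    // HKDF derives a distinct 256-bit key per (user, field); only $masterKey is secret.
    return hash_hkdf('sha256', $masterKey, 32, "user:$userId|field:$field");
}

function encryptField(string $masterKey, int $userId, string $field, string $plain): string
{
    $nonce = random_bytes(12); // fresh 96-bit nonce for every encryption
    $ct = openssl_encrypt($plain, 'aes-256-gcm', recordKey($masterKey, $userId, $field),
        OPENSSL_RAW_DATA, $nonce, $tag, "$userId|$field"); // AAD binds row and column
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    return base64_encode($nonce . $tag . $ct); // value stored in the column
}

function decryptField(string $masterKey, int $userId, string $field, string $blob): ?string
{
    $raw = base64_decode($blob, true);
    if ($raw === false || strlen($raw) < 28) {
        return null; // malformed: shorter than nonce (12) + tag (16)
    }
    $plain = openssl_decrypt(substr($raw, 28), 'aes-256-gcm',
        recordKey($masterKey, $userId, $field), OPENSSL_RAW_DATA,
        substr($raw, 0, 12), substr($raw, 12, 16), "$userId|$field");
    return $plain === false ? null : $plain; // null on wrong key or tampering
}

// Constructed sample data: two users who registered the same e-mail address.
$masterKey = random_bytes(32);
$row1 = encryptField($masterKey, 1, 'email', 'sam@example.test');
$row2 = encryptField($masterKey, 2, 'email', 'sam@example.test');

var_dump($row1 !== $row2);                                   // same plaintext in two rows
var_dump(decryptField($masterKey, 1, 'email', $row1));       // correct key and row
var_dump(decryptField($masterKey, 2, 'email', $row1));       // blob copied to another user's row
var_dump(decryptField(random_bytes(32), 1, 'email', $row1)); // database leaked without the key
```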

Author:  azcn2503 [ Thu Jun 30, 2011 1:08 pm ]
Post subject:  Re: So after all this cipher stuff...

Si wrote:
a) Are we mistaking hash for encrypt in places? They are different functions and have different usefulnesses in different places.


These things are definitely not being confused, well, not by me anyway!

I'll put my idea in webtagr soon Si... soon as in... soon™. Basically next week but probably up to 2 weeks, maybe 3. It's real busy at real work :( It will make more sense when I put this idea into a live system.

Author:  Ogris [ Fri Jul 01, 2011 12:41 am ]
Post subject:  Re: So after all this cipher stuff...

azcn2503 wrote:
But once the hack was made, the data was available in plaintext right?

Only the Sony one, which had no encryption, full stop. SEGA and the other sites were only u/n and emails, I believe (which, to be honest, don't really need a massive encryption).

All times are UTC