[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] keeping data safe offline

To: Erki Männiste <Erki.Manniste@xxxxxxxxxxx>, "full-disclosure@xxxxxxxxxxxxxxxxx" <full-disclosure@xxxxxxxxxxxxxxxxx>
Subject: Re: [Full-disclosure] keeping data safe offline
From: Gage Bystrom <themadichib0d@xxxxxxxxx>
Date: Tue, 10 Apr 2012 08:33:42 -0700

The best you could do without internet access to store the keys is to
implement a strong crypting method on the app itself and use every trick
you can that would piss off a reverse engineer.
On Apr 9, 2012 2:26 PM, "Erki Männiste" <Erki.Manniste@xxxxxxxxxxx> wrote:

> I am developing a software that is going to be distributed to end-users on
> usb sticks. The application and the content will be stored on that device
> and the content will be stored in a one-file sqlCE database, it will be
> crypted by default and will be encrypted by the application on-the-fly.
> My client has made it clear, that he wants to keep end-users from copying
> the content and using it on any other device but that very stick. Now, due
> to the offline requirement this is impossible to achive because i have to
> store the encryption key somewhere in the code and users are able to access
> the data while in unencrypted state.
> Can anybody recommend me any mechanism that i could apply, to make it more
> difficult for users to copy the content?
>
> ERKI
>
>
> ------------------------------------------------------------------------
> Securing Apache Web Server with thawte Digital Certificate
> In this guide we examine the importance of Apache-SSL and who needs an SSL
> certificate.  We look at how SSL works, how it benefits your company and
> how your customers can tell if a site is secure. You will find out how to
> test, purchase, install and use a thawte Digital Certificate on your Apache
> web server. Throughout, best practices for set-up are highlighted to help
> you ensure efficient ongoing management of your encryption keys and digital
> certificates.
>
>
> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
> ------------------------------------------------------------------------
>
>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: [Full-disclosure] 44Con London 2012 CFP - September 5th - 7th
Next by Date: [Full-disclosure] Matterdaddy Market v1.1 - SQL Injection Vulnerabilities
Previous by thread: [Full-disclosure] 44Con London 2012 CFP - September 5th - 7th
Next by thread: [Full-disclosure] Matterdaddy Market v1.1 - SQL Injection Vulnerabilities
Index(es):
- Date
- Thread