
Security practices

 
bobef



Joined: 05 Jun 2005
Posts: 269

Posted: Wed Sep 24, 2008 12:50 am    Post subject: Security practices

Hello all,

I am not very experienced in this area and I would like to know about best security practices. What should one do and what should one avoid? I have a specific task, but it would be nice to comment things in general also. For example: What cipher to choose to encode streaming media? Is there a way to make a server-client communication completely secure? What if the client (or someone else) is able to capture the traffic, will it still be secure? What if the client is able to decompile the client application, will it still be secure?

Please share your experience if you have some.

Thanks,
bobef
reikon



Joined: 31 Jul 2008
Posts: 7

Posted: Sat Jan 24, 2009 11:26 am    Post subject: Re: Security practices

bobef wrote:
Hello all,

I am not very experienced in this area and I would like to know about best security practices. What should one do and what should one avoid? I have a specific task, but it would be nice to comment things in general also. For example: What cipher to choose to encode streaming media? Is there a way to make a server-client communication completely secure? What if the client (or someone else) is able to capture the traffic, will it still be secure? What if the client is able to decompile the client application, will it still be secure?

Please share your experience if you have some.

Thanks,
bobef


I'll try to answer your questions as best I can, but bear in mind they may be slightly oversimplified.

bobef wrote:

What cipher to choose to encode streaming media?


I would suggest AES in CTR mode.

bobef wrote:

Is there a way to make a server-client communication completely secure?


There are several ways to establish secure communications channels; unfortunately, all of them require public key cryptography, which dcrypt doesn't currently support, or pre-shared symmetric keys, which are almost always a bad idea (because of the usually insecure way they're stored, reused, etc.).

bobef wrote:

What if the client (or someone else) is able to capture the traffic, will it still be secure?


If done properly, yes.

bobef wrote:

What if the client is able to decompile the client application, will it still be secure?


Again, if done properly, yes. Never store secret keys inside your applications.
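
Added example (not part of the thread, and not dcrypt code): AES in CTR mode, as suggested above for streaming media, lets a player decrypt any byte range on its own by deriving the counter from the offset. This Go sketch uses the standard crypto/aes and crypto/cipher packages; the counter layout (8-byte nonce plus 64-bit block index), key, nonce and data are constructed assumptions. It also shows the failure mode of reusing a key and nonce for a second stream; CTR alone gives confidentiality only, so a real stream also needs a MAC.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"fmt"
)

// XORAt encrypts or decrypts data located at byte offset off of an AES-CTR stream.
// Counter block (this example's choice): 8-byte nonce || 64-bit big-endian block index.
func XORAt(key, nonce, data []byte, off uint64) ([]byte, error) {
	if len(nonce) != 8 {
		return nil, fmt.Errorf("nonce must be 8 bytes, got %d", len(nonce))
	}
	block, err := aes.NewCipher(key) // key length 16, 24 or 32 bytes
	if err != nil {
		return nil, err
	}
	iv := make([]byte, aes.BlockSize)
	copy(iv, nonce)
	binary.BigEndian.PutUint64(iv[8:], off/aes.BlockSize) // start at the block holding off
	s := cipher.NewCTR(block, iv)
	skip := make([]byte, off%aes.BlockSize) // keystream bytes before off in that block
	s.XORKeyStream(skip, skip)              // discard them (no-op when off is block-aligned)
	out := make([]byte, len(data))
	s.XORKeyStream(out, data)
	return out, nil
}

// XORBytes returns a XOR b; b must be at least as long as a.
func XORBytes(a, b []byte) []byte {
	out := make([]byte, len(a))
	for i := range a {
		out[i] = a[i] ^ b[i]
	}
	return out
}

func main() {
	key, nonce := []byte("constructed-key!"), []byte("stream01") // constructed sample values
	media := bytes.Repeat([]byte("frame-data|"), 10)             // 110-byte stand-in for a media stream
	ct, _ := XORAt(key, nonce, media, 0)                         // errors ignored: inputs are fixed
	mid, _ := XORAt(key, nonce, ct[37:60], 37)                   // seek: decrypt only bytes 37..59
	fmt.Println("seek ok:", bytes.Equal(mid, media[37:60]))
	ct2, _ := XORAt(key, nonce, []byte("second stream, same key and nonce"), 0) // key+nonce reused
	fmt.Printf("%q\n", XORBytes(XORBytes(ct2, ct), media)) // shared keystream cancels: second plaintext recovered
}
```

Use a fresh nonce for every stream encrypted under the same key, and never let the block index wrap within one stream.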
All times are GMT - 6 Hours