[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: SecureFile
Jeremey Barrett wrote:
> Out of curiosity, do you know how the keys are protected by windoze
> itself?
I am sorry I dont understand you question.
> I have the CAPI cd but have had all of 5 minutes to look at it. I would
> presume they're hashing your password into a key and then encrypting
> with
> it, or encrypting another key with it. Any idea?
Your Windows password is not used to actually any data. The Windows
login just lets you access your keys. This way even if you change your
Windows password it will not affect yout CAPI installation. As long as
the OS identifies you it lets you access your keys.
> What is somewhat bothersome (and this would go for anything using CAPI
> in the way your product does) is the reliance upon the windoze password.
> If that were compromised, it seems all other CAPI integrated keys would
> also be compromised. Let's hope they choose good passwords, and know not
> to re-use the same one on the net somewhere. :-)
Yes! you are right. Security without a good policy is an open door.
> (BTW, does windoze allow arbitrary length passwords or phrases, or does
> it
> have a short limit?)
>
This can be configured by the administrator of the domain.
> Jeremey.
Thank you for your interest in SecureFile. Please feel free to ask any
questions you may have.
Anand Abhyankar
--
\|||/
( O-O )
*----------------*-----------*--------.ooo0--(_)-0ooo.----------*
Anand Abhyankar
Querisoft Systems Pvt. Ltd. Email : [email protected]
810, Sindh Society, Aundh, Phone (Off) : 91-212-385925
Pune - 411 007. INDIA (Res) : 91-212-351023
.oooO
( ) Oooo.
*----------------*-----------*------------\ (----( )----------*
\_) ) /
(_/