Beefy Boxes and Bandwidth Generously Provided by pair Networks
Problems? Is your data what you think it is?

Re: Creating a rainbow table for a ten-digit number: Advice?

by Xilman (Hermit)
on Apr 11, 2010 at 17:12 UTC ( [id://834113]=note: print w/replies, xml ) Need Help??

in reply to Creating a rainbow table for a ten-digit number: Advice?

I've two observations. The first is that I don't have a good understanding of your threat model. Either you have not explained it very well or I'm being dim. I understand that you are attempting to protect a collection of 10-digit numbers but I do not understand the nature of the attackers against whom you are attempting to protect your information. Without a good threat model, evaluating security is almost meaningless.

The second is that this scenario seems to cry out for public key crypto. Issue all your data collection laptps with a RSA public key. Extend the data with a random sequence of digits so that exhaustive search with work function of 1e10 can't decrypt the data. Keep the private key secret. Anyone who can break kilobit RSA undoubtedly has the capability to break your security by other, cheaper, means.


  • Comment on Re: Creating a rainbow table for a ten-digit number: Advice?

Replies are listed 'Best First'.
Re^2: Creating a rainbow table for a ten-digit number: Advice?
by willyyam (Priest) on Apr 11, 2010 at 18:52 UTC

    Regarding the first observation, the real threat is the appearance of not taking the collection and retention of the data seriously.

    Regarding the second observation, I would love to know how to incorporate public key crypto into a database front-end - specifically one made in MS Access. That would be the preferred option to a hash+rainbow table by a long chalk.

      If all you want is the appearance of security, why not use XOR? Better yet, use something like Crypt::Rijndael so you can claim to be using the Advanced Encryption Standard.

      As far as the database goes, you can encrypt your data (with padding, Xilman++) before you do your INSERT and decrypt after you do your SELECT.

        With respect, XOR only provides the appearance of security to the naive or ignorant. Ethics committees are, for the most part, neither.

Log In?

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: note [id://834113]
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others exploiting the Monastery: (2)
As of 2024-05-26 06:21 GMT
Find Nodes?
    Voting Booth?

    No recent polls found