bobef
Joined: 05 Jun 2005 Posts: 269
Posted: Wed Sep 24, 2008 12:50 am Post subject: Security practices
Hello all,
I am not very experienced in this area and I would like to know about best security practices. What should one do and what should one avoid? I have a specific task, but it would be nice to comment on things in general also. For example: What cipher to choose to encode streaming media? Is there a way to make a server-client communication completely secure? What if the client (or someone else) is able to capture the traffic, will it still be secure? What if the client is able to decompile the client application, will it still be secure?
Please share your experience if you have some.
Thanks,
bobef
reikon
Joined: 31 Jul 2008 Posts: 7
Posted: Sat Jan 24, 2009 11:26 am Post subject: Re: Security practices
bobef wrote:
Hello all,
I am not very experienced in this area and I would like to know about best security practices. What should one do and what should one avoid? I have a specific task, but it would be nice to comment on things in general also. For example: What cipher to choose to encode streaming media? Is there a way to make a server-client communication completely secure? What if the client (or someone else) is able to capture the traffic, will it still be secure? What if the client is able to decompile the client application, will it still be secure?
Please share your experience if you have some.
Thanks,
bobef
I'll try to answer your questions as best I can, but bear in mind they may be slightly oversimplified.
bobef wrote:
What cipher to choose to encode streaming media?
I would suggest AES in CTR mode.
bobef wrote:
Is there a way to make a server-client communication completely secure?
There are several ways to establish secure communications channels; unfortunately, all of them require public key cryptography, which dcrypt doesn't currently support, or pre-shared symmetric keys, which are almost always a bad idea (because of the usually insecure way they're stored, reused, etc.).
bobef wrote:
What if the client (or someone else) is able to capture the traffic, will it still be secure?
If done properly, yes.
bobef wrote:
What if the client is able to decompile the client application, will it still be secure?
Again, if done properly, yes. Never store secret keys inside your applications.
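The AES-in-CTR-mode suggestion from the reply above, as an added example that is not part of the original posts and is not dcrypt code: a Go standard-library sketch showing why CTR suits streaming, since a receiver can decrypt from any byte offset without the earlier data. The names `ctrAt` and `newNonce`, the counter-block layout and the demo key are assumptions of this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"fmt"
)

// ctrAt XORs data with the AES-CTR keystream starting at byte offset `off` of
// the stream; in CTR mode encryption and decryption are this same operation.
// Counter block layout (an assumption of this example, not from the thread):
// 8-byte per-stream nonce || 8-byte big-endian block counter.
func ctrAt(key, nonce []byte, off uint64, data []byte) ([]byte, error) {
	if len(nonce) != 8 {
		return nil, fmt.Errorf("nonce must be 8 bytes, got %d", len(nonce))
	}
	block, err := aes.NewCipher(key) // key must be 16, 24 or 32 bytes
	if err != nil {
		return nil, err
	}
	iv := make([]byte, aes.BlockSize)
	copy(iv, nonce)
	binary.BigEndian.PutUint64(iv[8:], off/aes.BlockSize)
	stream := cipher.NewCTR(block, iv)
	skip := make([]byte, off%aes.BlockSize) // keystream bytes before off in its block
	stream.XORKeyStream(skip, skip)
	out := make([]byte, len(data))
	stream.XORKeyStream(out, data)
	return out, nil
}

// newNonce returns a fresh random nonce. A (key, nonce) pair must never be
// reused for a second stream, or both streams share one keystream.
func newNonce() ([]byte, error) {
	n := make([]byte, 8)
	_, err := rand.Read(n)
	return n, err
}

func main() {
	key := []byte("0123456789abcdef") // constructed demo key, not a real secret
	nonce, _ := newNonce()
	media := []byte("constructed sample: frame-0001 frame-0002 frame-0003 frame-0004")
	ct, _ := ctrAt(key, nonce, 0, media)
	tail, _ := ctrAt(key, nonce, 41, ct[41:]) // receiver joins mid-stream
	fmt.Printf("%q\n", tail)
}
```

CTR provides confidentiality only: flipping a ciphertext bit flips the same plaintext bit undetected, so each chunk also needs a MAC (or an authenticated mode) if tampering matters.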