Encryption Mistakes, masterpiece by Chuvakin
Anton Chuvakin wrote a masterpiece about the most common mistakes regarding data encryption. They are:
- Not encrypting when it’s easy and accepted
- Creating your own encryption
- “Hard-coding” secrets
- Storing keys with the encrypted data
- not handling data recovery (or “where are those f* keys????”)
I think that every professional responsible for PCI compliance projects needs to read it. Encryption is not that silver bullet you’re looking for (in fact, I hope you’re not looking for one!)
Thank you soooo much for calling it a “masterpiece”
March 2, 2007 @ 4:25 pm