![]() ![]() ![]() ![]() But what about integrity? Should you use an authenticated cipher mode like GCM? What will you do if the authentication tag fails verification? (That's fairly straightforward, most people are likely to agree on this). A password manager should protect the identity of the sites the user has saved, the content of the username and password field, and any associated notes. To give a couple of specific (but non-exhaustive) examples, generally framed in terms of password managers: This is usually where most implementers fall over (including the big commercial products). Understand (before you start writing code) the basic security properties that you want to deliver through use of cryptography. ![]()
0 Comments
Leave a Reply. |