Encrypting without secrets
Do you have a Web site or other system that deals in secrets of any sort? It seems like every time I give a security talk, people ask how to deal with the sticky problem of storing secrets. Connection strings with passwords are an obvious problem. You're better off simply using integrated security to get rid of those secrets, at least with SQL Server™, or an Oracle database. But what about credit card numbers and other financial or personal information? Can encryption help?
[ Read more ]