Questions tagged [storage]

Details on how data is kept in memory or on disk, most frequently applied to databases, media banks and backup-recovery solutions.

239 questions

8 votes, 2 answers

Security of Microsoft OneDrive

A friend asked about putting some of his data on Microsoft's OneDrive. I did some research, and what I learned seems very surprising. It appears that all the user data on MS OneDrive is stored completely unencrypted (it is only temporarily encrypted…

8 votes, 3 answers

How can salted, hashed password storage be combined with a plaintext, nonce and hash based authentication?

My understanding is as follows: To securely store a password (e.g. in a database), you use a hashing algorithm designed for this purpose (designed to be slow, e.g. bcrypt), and you use a unique salt for each password. This makes it hard/slow for…
Tim

7 votes, 2 answers

How to safely store bearer tokens on server?

Imagine you're running a service that implements an OAuth 2.0 flow to allow your end users to log into 3rd party apps, and authorize those apps to consume your service's data through some API. Upon successfully authenticating a 3rd party app through…
derabbink

7 votes, 5 answers

Can I show Credit Card Data to final customers and be PCI Compliant?

I work with reservation management systems. In the hospitality industry there is the concept of credit card as guarantee. By it when making any kind of reservation you are asked for your credit card info in order to secure the reservation, however…
jvlucic

7 votes, 4 answers

Safe storage service for private keys

Is it currently technically (as opposed to financially) possible to provide a fairly secure means of providing a storage facility for private keys, not excluding physical verification etc? As in, you store your private keys, themselves encrypted via…
lapax

7 votes, 3 answers

Is it ok for software to store passwords locally in plain-text?

There are already plenty of questions about what to do when websites store plain-text passwords. But this one is a little different. I use a piece of open-source (see below) software for playing games. It requires a user account that isn't directly…

7 votes, 5 answers

Is storing sensitive data in files instead of a database safe?

Say I have a hypothetical PHP application which will store hashed passwords in a file in the same directory. At first, this seems like it would be very insecure, since one could guess at the name of the file and open it via a web browser…
Radvylf Programs

7 votes, 7 answers

Implications of securing data in RAM

Someone told me that his company is storing all application data (at least the sensitive data I guess) in RAM for security. Their application runs for long periods of time, so data stays in memory for a long time. Is it more secure to you keep…
user19833

7 votes, 7 answers

How to securely store sensitive information?

I tried finding answers on my own before submitting this question, but I failed. I have banking information which I would like to securely share with my wife. For some reasons she can't just go to a bank and access those accounts. So I am thinking…
mobdob

7 votes, 2 answers

Best reasonable way to store a secret safely

I'm working on a software that needs to store and use secrets. These secrets can be, for example: a password to connect to a database; a client secret for an OAuth 2.0 client_credentials grant. I need to store these passwords somewhere (preferably in…
superbob

7 votes, 1 answer

Do TrueCrypt volumes look like random data?

Let's say I use Eraser (or other tools) to erase my hard drive (using DoD standards which is 7 times or Gutmann which is 35 times). These eraser tools just write random data on the hard drive many times, correct? Also if encryption looks like random…
klj613

6 votes, 1 answer

How to store client secret securely on application base in Windows?

I would like to store valuable client data (ex. passwords, OAuth tokens) in a way that they will be accessible only from one application (separation on application base). The mechanism must be transparent for the user - additional password…
random_crane

6 votes, 2 answers

What SSD maker has implemented Secure Erase to spec?

I have a Kingston HyperX drive circa 2012. I kicked off a secure erase on it. I then remounted the drive and was horrified (well, not really, more like bemused) to see whole parts of my old file system still intact. This correlates with the well…

6 votes, 2 answers

Security of PGP for Long-Term Storage

How secure are PGP/GPG encrypted mails? I realize that it's probably fine for regular e-mail scenarios, but what about the security over longer time periods (>30 years)? Is the 4096 bit limit for RSA keys of GPG going to be an issue (given that…
user28381

6 votes, 2 answers

How to access Replay Protected Memory Block (RPMB) in eMMC?

RPMB is a special partition in eMMC 4.5. Internet research suggests that it is used for saving keys and is the only special partition that responds to commands like READ, WRITE, etc. Can anyone explain to me how to use RPMB and how it can actually…
Satya