Research suggests that locally stored keys can be located by individuals who simply look for the relative 'randomness' of the key in contrast to the surrounding data. Conventional wisdom dictates that the keys used for generating digital signatures or decrypting documents must be stored on a user's computer. If stored elsewhere, the argument goes, a hacker or corrupt system administrator may access the keys for some nefarious purpose.

This aphorism is rooted primarily in two beliefs: Transactions digitally signed using a private key stored on a client machine are considered "non-repudiable," and keys stored on client machines are somehow safer than those stored at a centralized location.
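The 'randomness' observation in the opening paragraph can be checked against storage you own, for example to audit a disk image or backup for key material left in the clear. The following is an added example, not code from the original article: a sliding-window Shannon entropy scan in which the window size, step, threshold, filler text and stand-in key are all assumptions constructed for illustration.

```python
import hashlib
import math
from collections import Counter

def shannon_entropy(chunk: bytes) -> float:
    """Shannon entropy of the byte histogram, in bits per byte."""
    n = len(chunk)
    return -sum(c / n * math.log2(c / n) for c in Counter(chunk).values())

def high_entropy_regions(data, window=64, step=16, threshold=5.0):
    """Merged (start, end) offsets of windows whose entropy >= threshold.

    A 64-byte window can reach at most log2(64) = 6 bits per byte;
    text drawn from a small alphabet stays well below 5.
    """
    regions = []
    for off in range(0, max(len(data) - window, 0) + 1, step):
        if shannon_entropy(data[off:off + window]) < threshold:
            continue
        if regions and off <= regions[-1][1]:
            # Overlaps the previous flagged window: extend that region.
            regions[-1] = (regions[-1][0], off + window)
        else:
            regions.append((off, off + window))
    return regions

# Constructed sample: low-entropy settings text surrounding 128 bytes of
# SHA-256 output that stand in for a raw key (not a real key).
FILLER = b"user=alice; theme=dark; lang=en; last_login=monday; "
KEY = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(4))
KEY_OFFSET = 256
SAMPLE = (FILLER * 10)[:KEY_OFFSET] + KEY + (FILLER * 10)[:256]

if __name__ == "__main__":
    for start, end in high_entropy_regions(SAMPLE):
        print(f"high-entropy region at bytes {start}-{end}")
```

Compressed or already-encrypted data scores as high as a key does, so a flagged region is a candidate to inspect, not proof that a key is present.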

The link for this article located at osOpinion is no longer available.