From bafd50487966382ce1a7b3e9e7202e2816e82c40 Mon Sep 17 00:00:00 2001 From: Riccardo ten Cate Date: Mon, 11 Mar 2019 11:52:58 +0100 Subject: [PATCH] Create 277-knowledge_base--secrets_shared_with_the_client--.md --- ...ledge_base--secrets_shared_with_the_client--.md | 14 ++++++++++++++ 1 file changed, 14 insertions(+) create mode 100644 skf/markdown/knowledge_base/277-knowledge_base--secrets_shared_with_the_client--.md diff --git a/skf/markdown/knowledge_base/277-knowledge_base--secrets_shared_with_the_client--.md b/skf/markdown/knowledge_base/277-knowledge_base--secrets_shared_with_the_client--.md new file mode 100644 index 000000000..f112a4c22 --- /dev/null +++ b/skf/markdown/knowledge_base/277-knowledge_base--secrets_shared_with_the_client--.md @@ -0,0 +1,14 @@ +Description: + +symmetric keys, passwords, or API secrets that are shared with the client should +not be used for functions that are classified critical. + +Whenever a client is sucessfully targeted by a malicious attacker the integrety +of these keys is no longer guaranteed. + +Solution: + +Verify that symmetric keys, passwords, or API secrets generated +by or shared with clients are used only in protecting low risk secrets, +such as encrypting local storage, or temporary ephemeral uses such as parameter obfuscation. +Sharing secrets with clients is clear-text equivalent and architecturally should be treated as such.
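Review bot: the Description block of the new knowledge-base entry carries two spelling errors and a capitalisation slip that will be visible to every SKF user reading this item: "sucessfully" should be "successfully", "integrety" should be "integrity", and the first sentence starts in lower case ("symmetric keys, passwords, or API secrets ..."). Suggested wording for those lines:

    Symmetric keys, passwords, or API secrets that are shared with the client should
    Whenever a client is successfully targeted by a malicious attacker the integrity
    of these keys is no longer guaranteed.

The Solution block reads well, but "functions that are classified critical" in the Description is left undefined while the Solution gives concrete low-risk examples (local storage encryption, parameter obfuscation); one short phrase in the Description pointing at what "critical" covers, such as authentication, authorisation or server-side integrity checks, would make the two halves of the entry line up. The closing sentence ("Sharing secrets with clients is clear-text equivalent and architecturally should be treated as such.") is the key point of the entry and might deserve to open the Solution rather than close it.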