| From: | Daniel Martini <dmartini(at)uni-hohenheim(dot)de> |
|---|---|
| To: | Greg Stark <gsstark(at)mit(dot)edu> |
| Cc: | Martijn van Oosterhout <kleptog(at)svana(dot)org>, pgsql-general(at)postgresql(dot)org |
| Subject: | Re: When to encrypt |
| Date: | 2004-12-07 08:31:37 |
| Message-ID: | 1102408297.41b56a6975087@webmail.uni-hohenheim.de |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Hi,
Citing Greg Stark <gsstark(at)mit(dot)edu>:
> Martijn van Oosterhout <kleptog(at)svana(dot)org> writes:
> > Actually, hard disk encryption is useful for one thing: so if somebody
> > kills the power and takes the hard disk/computer, the data is safe.
> > While it's running it's vulnerable though...
>
> Where do you plan to keep the key?
Well, where do you plan to keep the key for your encrypted backup tapes,
like you suggested in another post in this thread ;-)
That's pretty much the same problem.
Anyways, there are a bunch of solutions to this problem. All the good
ones require manual intervention (key entry, not necessarily by hand)
in case of the encrypted partition being brought from the unmounted
into the mounted state and rely on a certain person or a group of people
being trusted. Problem one (man. intervention) will not be a problem
at all, if the data is really valuable. Problem two (trust) is more
difficult. The more you distribute a single key across different people
and media, the less trust you will need in every single person, but the
more difficult will it be to conveniently access the data.
Regards,
Daniel
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Per Jensen | 2004-12-07 08:37:18 | Re: Index scan vs. Seq scan on timestamps |
| Previous Message | Michael Fuhr | 2004-12-07 08:31:13 | Re: Drop table |