Re: When to encrypt

From: Christopher Browne <cbbrowne(at)acm(dot)org>
To: pgsql-general(at)postgresql(dot)org
Subject: Re: When to encrypt
Date: 2004-12-07 04:17:21
Message-ID: 31kp6hF3ad57bU3@individual.net
Lists: pgsql-general

Why do you think that's useful in limiting vulnerability?

In order for the system to mount the filesystem, the key has got to be
there.

If it's a "highly available" system, it's not acceptable for the
system to have to wait for a sysadmin to type in a decryption key, so
the key has to be sitting there, vulnerable to theft.

Given some sort of secure crypto hardware (nCipher, Sun Crypto
Accelerator, and such), it's possible to make the system reasonably
tamper-resistant, but the costs are pretty hefty, and tamper
resistance requires leaping back into the risk that a power outage
would require manual intervention to reinitialize the cryptographic
device.

This is a big problem: You can't just apply cryptography onto things
like you would add peanut butter to a sandwich and expect to actually
get security. It is eminently easy for a cryptographic system to only
provide the _impression_ of security.
--
let name="cbbrowne" and tld="gmail.com" in String.concat "@" [name;tld];;
http://linuxfinances.info/info/internet.html
It is usually a good idea to put a capacitor of a few microfarads
across the output, as shown.
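
The three key-handling cases the message distinguishes (key stored on the host, key typed by an operator, key held in crypto hardware) can be checked per volume on a Linux host. The sketch below is an added example and not part of the original message; it assumes the crypttab(5) layout and the systemd-cryptsetup option names `tpm2-device=`, `pkcs11-uri=` and `fido2-device=`, and the sample entries are constructed.

```python
# Added example: classify crypttab(5) entries by where the unlock key lives.
# SAMPLE is constructed for illustration; names and UUIDs are made up.
SAMPLE = """\
# name     device          key                   options
pgdata     UUID=1111-aaaa  /etc/keys/pgdata.key  luks
pgwal      UUID=2222-bbbb  none                  luks
pgarchive  UUID=3333-cccc  -                     luks,tpm2-device=auto
swap       /dev/sda3       /dev/urandom          swap,cipher=aes-xts-plain64
"""

# systemd-cryptsetup options that bind the key to a hardware device.
TOKEN_OPTS = ("tpm2-device=", "pkcs11-uri=", "fido2-device=")

NOTES = {
    "keyfile-on-disk": "boots unattended; key sits on the host for whoever takes it or its backups",
    "manual-passphrase": "key not stored; every reboot waits for an operator",
    "hardware-token": "key held in hardware; verify the recovery path after power loss",
    "ephemeral-random": "fresh key each boot; contents do not survive a reboot",
}

def classify(key, options):
    """Map the key field and option list of one entry to a key-handling class."""
    opts = [o for o in options.split(",") if o]
    if any(o.startswith(TOKEN_OPTS) for o in opts):
        return "hardware-token"
    if key in ("none", "-"):
        return "manual-passphrase"
    if key in ("/dev/urandom", "/dev/random"):
        return "ephemeral-random"
    return "keyfile-on-disk"

def audit_crypttab(text):
    """Return [(volume_name, classification)] for each crypttab entry."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 2:
            continue  # malformed entry: name without a device
        key = fields[2] if len(fields) > 2 else "none"  # key field is optional
        options = fields[3] if len(fields) > 3 else ""
        findings.append((fields[0], classify(key, options)))
    return findings

if __name__ == "__main__":
    for name, kind in audit_crypttab(SAMPLE):
        print(f"{name:10} {kind:18} {NOTES[kind]}")
```

To audit a real host, pass the contents of `/etc/crypttab` to `audit_crypttab` instead of `SAMPLE`.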
