[6329] in cryptography@c2.net mail archive
Re: starting up servers that need access to secrets
daemon@ATHENA.MIT.EDU (Rich Salz)
Wed Jan 5 10:29:21 2000
Date: Wed, 5 Jan 2000 00:15:21 -0500 (EST)
From: Rich Salz <salzr@certco.com>
To: "Jeffrey M. Smith" <jsmith@purdue.edu>
Cc: cryptography@c2.net
In-Reply-To: <387268D8.70FCC868@purdue.edu>
Message-ID: <Pine.BSI.3.96.1000105000643.13496H-100000@haggis.ma.certco.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
> Is there a good solution to the problem of starting up a network server that
> needs access to an encrypted database?
> (They also give
> you the option of having the server store the pass phrase on disk, although
> they warn you that this is completely insecure.)
Is it really? That's not clear, to me. Do you trust the local
machine, or not? Have you locked it down, or not.
You are worried about someone "breaking in" and being able to read
the passphrase. But you are not worried about someone "breaking
in" and replacing software?
Are you sure that's a realistic distinction to make?
/r$
