[6331] in cryptography@c2.net mail archive


Re: starting up servers that need access to secrets

daemon@ATHENA.MIT.EDU (Jeffrey M. Smith)
Wed Jan 5 10:29:59 2000

Message-Id: <38735DBA.C3E6CA15@purdue.edu>
Date: Wed, 05 Jan 2000 10:05:30 -0500
From: "Jeffrey M. Smith" <jsmith@purdue.edu>
MIME-Version: 1.0
To: Rich Salz <salzr@certco.com>
Cc: cryptography@c2.net
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Rich Salz wrote:
> 
> > Is there a good solution to the problem of starting up a network server that
> > needs access to an encrypted database?
> 
> >  (They also give
> > you the option of having the server store the pass phrase on disk, although
> > they warn you that this is completely insecure.)
> 
> Is it really?  That's not clear, to me.  Do you trust the local
> machine, or not?  Have you locked it down, or not?
> 
> You are worried about someone "breaking in" and being able to read
> the passphrase.  But you are not worried about someone "breaking
> in" and replacing software?
> 
> Are you sure that's a realistic distinction to make?
>         /r$

Thanks for your reply.

Your comments about locking down the server host are correct. I think the
distinction becomes realistic in a worst-case scenario. If you assume that
even a locked down server may be broken into, if the pass phrase to your
encrypted database isn't on disk then you're better off. If you're running
Tripwire then you should be able to detect altered software and reload it, and
your secret is still safe as long as you used a strong encryption algorithm.
-- 
Jeff Smith
Purdue University				phone: 765-496-8285 
West Lafayette IN 47907-1408			fax: 765-494-0566

