[6335] in cryptography@c2.net mail archive
Re: starting up servers that need access to secrets
daemon@ATHENA.MIT.EDU (Ben Laurie)
Wed Jan 5 13:25:17 2000
Message-ID: <38736665.404405C2@algroup.co.uk>
Date: Wed, 05 Jan 2000 15:42:29 +0000
From: Ben Laurie <ben@algroup.co.uk>
MIME-Version: 1.0
To: Rich Salz <salzr@certco.com>
Cc: "Jeffrey M. Smith" <jsmith@purdue.edu>, cryptography@c2.net
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Rich Salz wrote:
> Another approach would be to double the number of systems that the adversary
> must compromise. HostA will run the service, but only when HostB sends
> it startup info. At boot A pings B. B "calls back" over over an SSL link
> and sends the passphrase using something like S/Key perhaps.
Does that double the number of systems? Surely all the adversary has to
do is substitute his own s/w for the thing that receives the passphrase
and reboot A, not requiring a crack of B at all.
Cheers,
Ben.
--
SECURE HOSTING AT THE BUNKER! http://www.thebunker.net/hosting.htm
http://www.apache-ssl.org/ben.html
"My grandfather once told me that there are two kinds of people: those
who work and those who take the credit. He told me to try to be in the
first group; there was less competition there."
- Indira Gandhi
