On Mar 13, 2014, at 11:06 AM, Aristedes Maniatis <a...@maniatis.org> wrote:

> On 13/03/2014 6:31pm, Andrus Adamchik wrote:
>>
>> On Mar 13, 2014, at 10:05 AM, Aristedes Maniatis <a...@maniatis.org> wrote:
>
>>> It would be nice public relations to have "Cayenne has out-of-the-box
>>> crypto support" as a feature. Are you storing a key version as part of the
>>> encrypted data stream?
>>
>> I am still working on this piece actually. It has to be attached to the
>> record. The question is whether we keep it unencrypted (simplifies
>> management and migration between keys), or encrypt it together with the data
>> (more secure).
>
>
> I don't see any value in encrypting it. What security does that create? Also,
> keeping it in the same database column makes for simpler storage and
> robustness. Much like storing the salt with a password hash, or the hashing
> algorithm with the password in LDAP:
>
> 86gwfku:tgiynv45zpyqaqqpucnp3f8k8uk3dzqy
>
> {SSHA}ddrd686254iteu9gqsz4aztufkgbctuz

yeah, perhaps you are right. Encrypting it doesn’t provide better protection from brute-force attacks on the key. Just some obfuscation.

Andrus
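The layout the thread converges on (key version stored in the clear, in the same column as the ciphertext, so rows can be migrated between keys) as an added, self-contained example. This is not Cayenne's code and is not taken from the thread; it assumes AES-256-GCM, a two-byte big-endian version header, a `KeyRing` type holding keys by version, and a constructed sample record. It goes one step further than the discussion in that the clear-text version is fed to GCM as additional authenticated data, so a version byte altered in the database fails authentication instead of quietly selecting a different key:

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
	"io"
)

// KeyRing maps a key version to a 32-byte AES key. Assumed for this example;
// a real deployment would load the keys from a keystore or KMS.
type KeyRing struct {
	keys    map[uint16][]byte
	current uint16
}

func NewKeyRing() *KeyRing { return &KeyRing{keys: map[uint16][]byte{}} }

// AddKey registers a key under a version and makes it the key used for new writes.
func (r *KeyRing) AddKey(version uint16, key []byte) error {
	if len(key) != 32 {
		return errors.New("key must be 32 bytes (AES-256)")
	}
	r.keys[version] = key
	r.current = version
	return nil
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Encrypt produces: version (2 bytes, clear) || nonce (12 bytes) || ciphertext+tag.
// The version is readable without a key, but it is bound to the record as AAD.
func (r *KeyRing) Encrypt(plaintext []byte) ([]byte, error) {
	key, ok := r.keys[r.current]
	if !ok {
		return nil, errors.New("no current key")
	}
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	header := make([]byte, 2)
	binary.BigEndian.PutUint16(header, r.current)
	nonce := make([]byte, aead.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	out := append(header, nonce...) // header has cap 2, so this allocates a new slice
	return aead.Seal(out, nonce, plaintext, header), nil
}

// Version reads the clear-text key version; this is what lets a migration job
// find rows still on an old key without decrypting anything.
func Version(blob []byte) (uint16, error) {
	if len(blob) < 2 {
		return 0, errors.New("blob too short")
	}
	return binary.BigEndian.Uint16(blob[:2]), nil
}

// Decrypt selects the key by the stored version and verifies the header as AAD.
func (r *KeyRing) Decrypt(blob []byte) ([]byte, error) {
	version, err := Version(blob)
	if err != nil {
		return nil, err
	}
	key, ok := r.keys[version]
	if !ok {
		return nil, fmt.Errorf("unknown key version %d", version)
	}
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	ns := aead.NonceSize()
	if len(blob) < 2+ns {
		return nil, errors.New("blob too short")
	}
	return aead.Open(nil, blob[2:2+ns], blob[2+ns:], blob[:2])
}

// Rotate re-encrypts a record under the current key if it is on an older version.
func (r *KeyRing) Rotate(blob []byte) ([]byte, error) {
	v, err := Version(blob)
	if err != nil {
		return nil, err
	}
	if v == r.current {
		return blob, nil
	}
	pt, err := r.Decrypt(blob)
	if err != nil {
		return nil, err
	}
	return r.Encrypt(pt)
}

func main() {
	r := NewKeyRing()
	k1 := make([]byte, 32)
	k2 := make([]byte, 32)
	io.ReadFull(rand.Reader, k1)
	io.ReadFull(rand.Reader, k2)
	r.AddKey(1, k1)
	blob, _ := r.Encrypt([]byte("constructed sample: 4111 1111 1111 1111"))
	r.AddKey(2, k2)
	rotated, _ := r.Rotate(blob)
	v1, _ := Version(blob)
	v2, _ := Version(rotated)
	fmt.Printf("stored version %d, after rotation %d\n", v1, v2)
}
```

Because the version is outside the ciphertext, a migration is a plain query on the column prefix followed by `Rotate` per row, with old keys kept in the ring only until no row references them. Putting the header into the AAD costs nothing and closes the one attack the clear-text version would otherwise enable: forcing a record to be decrypted under a key of the attacker's choosing.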