On 07.06.2018 20:01, Dimitry Sibiryakov wrote:
07.06.2018 18:40, Alex Peshkoff via Firebird-devel wrote:
Ability to easily get ncryption key from working connections mean badly written KeyHolder.

  No matter how well is written KeyHolder, thanks to CLOOP signatures it is very easy to identify and hijack encrypt/decrypt routines of crypt plugin itself.



As I've already said if one has access to server's RAM there are a lot of ways to get both unencrypted data & keys. But that's 'slightly' different level compared with intercepting of network messages.



------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
Firebird-Devel mailing list, web interface at 
https://lists.sourceforge.net/lists/listinfo/firebird-devel

Reply via email to