> Many programs need a private key for encryption. Possession of this key is usually
> part if not all of the decision for authentication.
>
> The only relatively safe way of maintaining this key on disk is to encrypt it and
> require a decryption password from the user when starting the process.
>
> Unfortunately, system admins have a beef with servers that restart and require an
> operator to input a password to get the services up, especially in production
> environments.

An example of this is when you run an HTTPS server with a signed cert and non-empty passphrase. You need to put the key every time you restart the service. IMHO, a solution could be some kind of hard-key (EEPROM connected to the parallel port).

pablo.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
