On 3/14/2017 3:57 PM, Nico Williams wrote:
> On Tue, Mar 14, 2017 at 03:54:36PM -0700, Adam Lewenberg wrote:
>> If you use a master key and you back up all your files _except_ the master
>> key to some remote location, wouldn't that suffice to protect the database
>> in that remote location?
>
> No. The problem is that the master key is not used to bind principal
> keys to principal records. This means that a backup operator could give
> you back a dump where a user's keys are pasted into the krbtgt
> principal(s), and if you load this dump that user will now be able to
> mint tickets for any service as any user. (You might notice this
> attack, but probably not in time to stop it.)
If I trust the backup operator (e.g., it's me), then it still might be
useful as at the very least it makes it harder for anyone who runs
across the database file to guess the passwords. On the other hand,
encrypting the entire file before backup, as you suggest, accomplishes
this _and_ removes the concern of getting back a compromised database.
Thanks for the enlightenment.
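An added illustration of the point Nico makes above; it is not code from the thread or from any KDC implementation. The toy encrypt-then-MAC scheme below (HMAC-SHA256 in counter mode, stdlib only, hypothetical `EXAMPLE.COM` principals) shows that a master key which merely encrypts each principal key cannot detect a blob moved into the krbtgt record, whereas authenticating the principal name together with the blob (or, as Adam suggests, the whole dump) makes the tampered restore fail to load.

```python
import hmac, hashlib, os

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy counter-mode keystream derived with HMAC-SHA256 (illustration only)."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def seal(master_key: bytes, principal: str, secret: bytes, bind: bool) -> bytes:
    """Encrypt one principal's long-term key under the master key.
    bind=False: the tag covers nonce||ciphertext only, so the blob is valid in any
    record (the unbound situation described in the thread).
    bind=True: the principal name is authenticated too, so a blob pasted into
    another principal's record no longer verifies."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(secret, _keystream(master_key, nonce, len(secret))))
    aad = principal.encode() if bind else b""
    tag = hmac.new(master_key, aad + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(master_key: bytes, principal: str, blob: bytes, bind: bool) -> bytes:
    """Verify the tag for the record the blob was found in, then decrypt."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    aad = principal.encode() if bind else b""
    expected = hmac.new(master_key, aad + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError(f"key blob does not belong to principal {principal!r}")
    return bytes(a ^ b for a, b in zip(ct, _keystream(master_key, nonce, len(ct))))

def swap_detected(bind: bool) -> bool:
    """Build a constructed two-record dump, paste the user's blob into the krbtgt
    record (the tampering the thread describes), and report whether loading the
    dump detects it."""
    master, user_key = os.urandom(32), os.urandom(32)
    user, tgs = "user@EXAMPLE.COM", "krbtgt/EXAMPLE.COM@EXAMPLE.COM"  # hypothetical realm
    dump = {user: seal(master, user, user_key, bind),
            tgs: seal(master, tgs, os.urandom(32), bind)}
    dump[tgs] = dump[user]  # the tampered backup handed back by the operator
    try:
        recovered = unseal(master, tgs, dump[tgs], bind)
    except ValueError:
        return True  # bound scheme: the restore refuses the swapped record
    # Unbound scheme: the user's key silently becomes the krbtgt key.
    return recovered != user_key

if __name__ == "__main__":
    print("unbound master key detects swap:", swap_detected(False))  # False
    print("name-bound master key detects swap:", swap_detected(True))  # True
```

The same effect follows from encrypting and authenticating the entire dump before it leaves the KDC, which is why that approach also removes the concern about getting back a doctored database.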