On Thu, Jun 22, 2000 at 11:55:12PM -0400, Steve Sobol wrote:
> ...
> I am most worried about people being able to get access to the
> database in the event root is compromised. (This is a Linux box that I
> am
> dealing with). After I sent my original question, I decided that the
> only
> safe way to deal with this problem is to have the program that does the
> decryption offline.
Well, "the only" sounds too strong. The secret sharing technique known
and one can use concept of "honest and strong majority" of database
share-holders. Probably one can get long-lived secrets with shares
re-calculations using periodic update based on "sharing the zero value"
to mix everything.
Regards,
Vadim
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
