On Fri, Apr 24, 2009 at 03:48:16PM -0400, Bill Moran wrote:
> In response to to...@tuxteam.de:
>

[...]

> > > It is generally much safer to keep keys and the
> > > decryption process on a separate server.
> >
> > Or just client-side. Minimum spread of knowledge [...]

[...]

> Not true. If each user has their own key, it's considerably more
> secure than encrypting the partition

That's definitely the advantage of this approach.

[...]

> since it protects from through-application attacks as well as
> physically stolen hardware.

That depends which state the hardware is in when it's "stolen". If it's
quiescent, good. If it's running (that's what I was referring to with
"live"), the attacker will be able to troll the RAM for unlocked keys,
or whatever. Granted, with a per-user key only the keys of the users
currently "on line" will be compromised.

> Also, putting the key on the client machine causes the client machine to
> be an attack vector, and client machines are usually more numerous and
> more difficult to secure than servers.

Let's face it: once the attacker "has" the client machine, (s)he has
nearly won. Watch all those trojans, keyloggers, whatever in action.
"Having" the client machine means a trojan can impersonate the user
-- game over (but at least only to the data this particular user has
access to).

Note that I'm not talking about stealing the hardware, but hijacking,
trojanizing, whatever. That's the real threat, in this
Javascript/Flash/Silverlight infested world.

Regards
-- tomáss

--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)