On Wed, Aug 15, 2001 at 11:21:03PM +0800, Orlando Andico wrote:
> On Wed, 15 Aug 2001, Rafael 'Dido' Sevilla wrote:
> ..
> > No, I mean a physical device that is supposed to store SSL keys more
> > safely than you could by placing it on a server hard disk.
>
> More safely? Safely as in data-integrity wise or safely as in securely?
> If data-integrity, just burn it onto a CD. 10 years rated lifespan.

OK, here's a practical problem. How can you restart an SSL webserver
without prompting for a password from the tty? Either you store the private
key unencrypted, but in the "safe" place being sought; or encrypt it, but
keep the password/phrase - much smaller in terms of bytes - "safe".
The CD, or a write-protected floppy, would provide read-only media that
cannot be tampered with, but an intruder can still read and steal it.
_
Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph
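
The trade-off raised in the message above (an unencrypted key in a "safe" place versus an encrypted key whose passphrase must be kept "safe") can be audited on disk. The following is an added example, not part of the original thread: it classifies PEM private key files as encrypted or unencrypted and flags loose file permissions. The function names, file names and sample key files are constructed for illustration.

```python
import os
import stat
import tempfile

# PEM markers showing the key body is passphrase-encrypted (PKCS#8 and legacy OpenSSL).
ENCRYPTED = ("-----BEGIN ENCRYPTED PRIVATE KEY-----", "Proc-Type: 4,ENCRYPTED")
PLAIN = ("-----BEGIN PRIVATE KEY-----", "-----BEGIN RSA PRIVATE KEY-----", "-----BEGIN EC PRIVATE KEY-----")

def audit_key_file(path):
    """Report how a PEM private key file is protected at rest."""
    with open(path, "r", errors="replace") as fh:
        text = fh.read()
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if any(m in text for m in ENCRYPTED):      # check first: legacy format reuses the plain header
        state = "encrypted"
    elif any(m in text for m in PLAIN):
        state = "unencrypted"
    else:
        state = "not-a-key"
    findings = []
    if state == "unencrypted":
        findings.append("anyone who can read the file has the key")
    if state == "encrypted":
        findings.append("unattended restart needs the passphrase stored somewhere")
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("file accessible to group/other (mode %04o)" % mode)
    return {"state": state, "mode": mode, "findings": findings}

def demo():
    """Audit three constructed files; the bodies are placeholders, not real keys."""
    rsa = "-----BEGIN RSA PRIVATE KEY-----\n%sAAAA\n-----END RSA PRIVATE KEY-----\n"
    samples = {
        "plain.pem": (rsa % "", 0o644),
        "legacy_enc.pem": (rsa % "Proc-Type: 4,ENCRYPTED\nDEK-Info: AES-256-CBC,00\n\n", 0o600),
        "pkcs8_enc.pem": ("-----BEGIN ENCRYPTED PRIVATE KEY-----\nAAAA\n-----END ENCRYPTED PRIVATE KEY-----\n", 0o600),
    }
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, (pem, mode) in samples.items():
            path = os.path.join(tmp, name)
            with open(path, "w") as fh:
                fh.write(pem)
            os.chmod(path, mode)
            results[name] = audit_key_file(path)
    return results

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

An "encrypted" result only moves the question to where the passphrase lives, which is the point the message makes.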