On Tue, 2003-01-07 at 22:17, Valdis.Kletnieksat_private wrote: > Unfortunately, you've just pushed the problem around - you now have your > data in a file that you need to copy to another system and decrypt in order > to actually DO anything with it. So you still have the private-key problem, > just on a different server. Yeah, but isn't that the whole point? Move the 'problem' (of accessing the raw/unencrypted data) to a more trusted zone. If you can encrypt the data in a non-reversible fashion (at least as far as this machine is concerned), you don't even need to worry about the passphrase (as can be found in the script anyway). You only have to worry about securely destroying the plain text after encryption. I believe the 'problem' of safeguarding the data from unauthorized access (presuming plain text is wiped) is solved. What hasn't been solved are all those other little issues that tend to bite folks in the butt, such as loss of decryption key, cipher data corruption (without the possibility of partial or context providing reconstruction as would be possible with plain text), creating a data pool of data with a single trust (decryption keys), and of course (as Michael McKay mentioned, silent replacement of encryption key with a rogue key, which is probably the biggest threat. Your scripts 'shreds' the data in front of your keys and you might not notice if you don't check the integrity of the encryption key. Cheers, Frank
This archive was generated by hypermail 2b30 : Wed Jan 08 2003 - 09:58:43 PST