Re: When to encrypt
| From | Christopher Browne |
|---|---|
| Subject | Re: When to encrypt |
| Date | |
| Msg-id | m3fz2idb5n.fsf@knuth.knuth.cbbrowne.com |
| In reply to | When to encrypt (Derek Fountain <dflists@iinet.net.au>) |
| List | pgsql-general |
The world rejoiced as kleptog@svana.org (Martijn van Oosterhout) wrote:

> On Mon, Dec 06, 2004 at 04:07:25PM -0500, Greg Stark wrote:
>
>> By contrast, encryption is useful for non-live data such as database backups. This lets you take them off-site and store them someplace without worrying about someone walking off with your entire database. Or to discard the tapes without worrying about someone reading your old data from the discarded tapes. (Assuming of course that you don't write the key on the label...)
>
> Actually, hard disk encryption is useful for one thing: so if somebody kills the power and takes the hard disk/computer, the data is safe. While it's running it's vulnerable though...

Why do you think that's useful in limiting vulnerability?

In order for the system to mount the filesystem, the key has got to be there. If it's a "highly available" system, it's not acceptable for the system to have to wait for a sysadmin to type in a decryption key, so the key has to be sitting there, vulnerable to theft.

Given some sort of secure crypto hardware (nCipher, Sun Crypto Accelerator, and such), it's possible to make the system reasonably tamper-resistant, but the costs are pretty hefty, and tamper resistance requires leaping back into the risk that a power outage would require manual intervention to reinitialize the cryptographic device.

This is a big problem: You can't just apply cryptography onto things like you would add peanut butter to a sandwich and expect to actually get security. It is eminently easy for a cryptographic system to only provide the _impression_ of security.

--
let name="cbbrowne" and tld="gmail.com" in String.concat "@" [name;tld];;
http://linuxfinances.info/info/crypto.html
It is usually a good idea to put a capacitor of a few microfarads across the output, as shown.