Re: Protection from ROOT

From: Jack Repenning <jrepenning_at_collab.net>
Date: 2003-08-11 19:33:36 CEST

At 12:15 PM -0500 8/11/03, Jerry Haltom wrote:
>I suspose basic crytpgraphy comes into play here. If the encrypted data
>exists on a box, and the box must read from that data, as it would have
>to in order to access it. Then understandably the key itself must exist
>on the system.

It is usual to work around this problem by having the user provide
the key at runtime. Or the key that decrypts the keyring, or some
level of indirection.

But even if the key is stored on the server, it can be stored in some
"obscure" form. This is not infinitely secure, but then nothing is
(that, too, is basic cryptography, isn't it?). Obfuscated key
storage does significantly raise the level of attack necessary, and
at the least, can cross things over some line that allows
non-technical protections to come into play (i.e., lawyers and
contracts).

But no, I don't think we can do this today ;-)

-- 
-==-
Jack Repenning
CollabNet, Inc.
8000 Marina Boulevard, Suite 600
Brisbane, California 94005
o: 650.228.2562
c: 408.835-8090
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org

Received on Mon Aug 11 19:35:12 2003

This message: [ Message body ]
Next message: lamikr_mdk: "Re: Protection from ROOT"
Previous message: Jerry Haltom: "Re: Protection from ROOT"
In reply to: Jerry Haltom: "Re: Protection from ROOT"
Next in thread: lamikr_mdk: "Re: Protection from ROOT"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]