| Subject | Re: [Firebird-Architect] database encryption |
|---|---|
| Author | Geoff Worboys |
| Post date | 2010-11-03T23:22:19Z |
Adriano dos Santos Fernandes wrote:
encryption and this is the use it will be put to most of the
time - close to useless but it makes people feel better.
It's got to be tempting to implement useless encryption just
to be able to close the relevant items on tracker, but then
you're forced to deal with all the fixes and enhancements that
will inevitably follow. People will eventually want to deal
with:
. problems with paging and hibernation
. plausible deniability
. key files
. security tokens and smart-cards etc
. multiple encryption algorithms
. cascading encryption
. hardware acceleration (AES in the CPU)
which is really frustrating when you realise that I have just
listed some features of Truecrypt v7: http://www.truecrypt.org/
freely available right now and makes it easy to create
encrypted volumes that can host databases, email and anything
else. And it's not the only option, someone here already
mentioned EFS, which has to be tempting for those using recent
Windows versions.
The general thinking always seems to be that implementing
encryption is easy - and these days it is! What's much harder
is making a secure system, key management and other issues.
If there weren't already many other very good options I'd be
all for Firebird doing the best it could, but as it stands
there is little that Firebird could do but make it easier for
developers to add to the available snake-oil:
http://www.schneier.com/crypto-gram-9902.html#snakeoil
--
Geoff Worboys
Telesis Computing
> And most people wanting encrypted or password-protectedThanks Adriano, that was the item missing off Jim's list. Add
> databases wants that because they want to distribute their
> database to others but do not want they to see the data
> from outside their applications.
encryption and this is the use it will be put to most of the
time - close to useless but it makes people feel better.
It's got to be tempting to implement useless encryption just
to be able to close the relevant items on tracker, but then
you're forced to deal with all the fixes and enhancements that
will inevitably follow. People will eventually want to deal
with:
. problems with paging and hibernation
. plausible deniability
. key files
. security tokens and smart-cards etc
. multiple encryption algorithms
. cascading encryption
. hardware acceleration (AES in the CPU)
which is really frustrating when you realise that I have just
listed some features of Truecrypt v7: http://www.truecrypt.org/
freely available right now and makes it easy to create
encrypted volumes that can host databases, email and anything
else. And it's not the only option, someone here already
mentioned EFS, which has to be tempting for those using recent
Windows versions.
The general thinking always seems to be that implementing
encryption is easy - and these days it is! What's much harder
is making a secure system, key management and other issues.
If there weren't already many other very good options I'd be
all for Firebird doing the best it could, but as it stands
there is little that Firebird could do but make it easier for
developers to add to the available snake-oil:
http://www.schneier.com/crypto-gram-9902.html#snakeoil
--
Geoff Worboys
Telesis Computing