| Subject | Re: [Firebird-Architect] database encryption |
|---|---|
| Author | Geoff Worboys |
| Post date | 2010-11-04T00:40:35Z |
Sijun Kang wrote:
are protecting against. Your posting suggested that you were
concerned about losing your laptop (as opposed to some malware
attack from "inside" the running computer).
If that's the case then the attack surface is smallest if there
is just the encrypted volume - an apparently random stream of
bytes. If you leave the system unencrypted then the attacker
gets to look at all the other parts of your system and may find
what they want there (in swap files, temporary files etc etc).
--
Geoff Worboys
Telesis Computing
> Just as securiting network resource starts with minimizingThat depends on how you define the surface area and what you
> "attack surface", I do prefer database with encryption
> against EFS, which I think has a much bigger "exposed
> surface". :)
are protecting against. Your posting suggested that you were
concerned about losing your laptop (as opposed to some malware
attack from "inside" the running computer).
If that's the case then the attack surface is smallest if there
is just the encrypted volume - an apparently random stream of
bytes. If you leave the system unencrypted then the attacker
gets to look at all the other parts of your system and may find
what they want there (in swap files, temporary files etc etc).
--
Geoff Worboys
Telesis Computing