Subject | Re: [Firebird-Architect] database encryption |
---|---|
Author | Sijun Kang |
Post date | 2010-11-04T13:25:07Z |
While EFS does solve the problem of a lost laptop (great!), and I definitely
agree that malware should be excluded from the scope of discussion (it's a
whole different matter indeed), a database with encryption actually solves
problems that might be incurred by "good programs" :)

Let me elaborate a bit more - when EFS is mounted as a drive/directory, all
sorts of programs might "try to help you find information" (such as Google
Desktop Search, Microsoft Search Companion, etc.). Although you
consider them "good programs", they definitely serve as an information
leaking hole (for one thing - who knows where they store their index data or
even transfer your data?). Also worth mentioning is the operating system:
although we definitely consider it our friend (when free of virus/malware),
it caches information to speed up IO access and thus also contributes
another leaking channel for any sensitive information stored in EFS. Anyway,
this list can go on and on ...

Another thing - key management with EFS might be a pain, whereas a database
with encryption might greatly reduce it (with such a mechanism as proposed by
Jim Starkey - see his post on this topic yesterday) and even make it pain-free.

BTW, TrueCrypt's license is more or less copylefted. I don't think you can
deploy it along with your application without making your application
open-source.

To summarize (but not to conclude) -

A. encryption (either at database or file system level) does solve
problems within some defined boundary.
B. EFS serves well in situations where information needs to
be accessed by more programs.
C. a database with encryption has less exposure surface for sensitive
information and might be able to make key management easier.

Regards,
Sijun Kang
On Wed, Nov 3, 2010 at 8:40 PM, Geoff Worboys <geoff@...
> wrote:
> Sijun Kang wrote:
> > Just as securing network resources starts with minimizing
> > "attack surface", I do prefer a database with encryption
> > over EFS, which I think has a much bigger "exposed
> > surface". :)
>
> That depends on how you define the surface area and what you
> are protecting against. Your posting suggested that you were
> concerned about losing your laptop (as opposed to some malware
> attack from "inside" the running computer).
>
> If that's the case then the attack surface is smallest if there
> is just the encrypted volume - an apparently random stream of
> bytes. If you leave the system unencrypted then the attacker
> gets to look at all the other parts of your system and may find
> what they want there (in swap files, temporary files etc etc).
>
> --
> Geoff Worboys
> Telesis Computing