Subject | Re: [Firebird-Architect] Re: database encryption |
---|---|
Author | Jim Starkey |
Post date | 2010-11-07T02:30:40Z |
This is absurd. Line and database file encryption is a perfectly
reasonable request and well within the state of the art. Throwing a
bunch of bogus objections at it will not make it go away. Yes, on one
hand, a provably secure solution assuming that DNS and the OS have been
successfully hijacked is not feasible, but that isn't necessary.

I suggest there are two basic requirements:

1. Defensible line security to the level of AES, including intelligent
use of PKES for key exchange
2. File (page) level encryption to defeat inquiring eyes.

If you want to add certificate-based server authentication, fine, but
nobody has asked for it.

The argument that there is nothing between obfuscation and perfect
security is ridiculous. Perfect security is a myth, of course. But
practical security that would take a realistic millennium to break is
achievable with relatively little work. But it requires thought, which, I
might add, has been remarkably missing in this discussion.
On 11/6/2010 11:18 AM, Adriano dos Santos Fernandes wrote:
> On 06-11-2010 10:26, Sijun Kang wrote:
>> Operating system paging can be turned off (or disabled in low level in the
>> program - not sure about this part). Regarding hibernate - user needs to
>> know the consequence on data security. Basically the user needs to close the
>> app before hibernation. It would be super if we can do that automatically.
>>
> Another process can also read the unencrypted memory of an active
> Firebird process.
>
>
> Adriano