> Does that double the number of systems? Surely all the adversary has to
> do is substitute his own s/w for the thing that receives the passphrase
> and reboot A, not requiring a crack of B at all.
That's why I said S/Key. Rebooting A would get the two out of sync
and while the adversary might get the key the server wouldn't start
and you'd be aware of key theft.
Note that my suggestion was to solve Jeffrey's original issue --
keeping the passphrase off the server, to protect from adversarial
read (but not write) access. It is NOT a solution to my concerns
(protecting against both read and write).
/r$
- starting up servers that need access to secrets Jeffrey M. Smith
- Re: starting up servers that need access to secrets Matthew Hamrick
- Re: starting up servers that need access to secrets Rich Salz
- Re: starting up servers that need access to secr... Jeffrey M. Smith
- Re: starting up servers that need access to ... Rich Salz
- Re: starting up servers that need access... Ben Laurie
- Re: starting up servers that need a... Rich Salz
- Re: starting up servers that need access... Ted Lemon
- Re: starting up servers that need access... Eric Murray
- Re: starting up servers that need access to secr... Ted Lemon
- RE: starting up servers that need access to secrets Salz, Rich
- Re: starting up servers that need access to secrets Jeff . Hodges
