On 21/03/13 10:07 AM, Jeffrey Walton wrote:
> On Thu, Mar 21, 2013 at 2:52 AM, Tony Arcieri <tony.arci...@gmail.com> wrote:
>> https://github.com/livingsocial/keyspace
>>
>> tl;dr: Keyspace provides "least authority" client-side encryption for
>> key/value stores using NaCl's crypto_secretbox (XSalsa20 + Poly1305) and
>> Ed25519 as part of a capability-based security model.
>>
>> One problem I've dealt with quite frequently when deploying web applications
>> is how to keep sensitive configuration files (e.g. database credentials)
>> secret. I've longed for a system that provides end-to-end confidentiality
>> and data integrity. I think a reasonable goal is to never store secrets on
>> disk in plaintext form, and try to isolate all secret management to the heap
>> of the process in question. It's not perfect, and an attacker could still
>> get keys out of RAM, but it's certainly better than plaintext on disk
>> guarded by file permissions alone, which is the status quo as far as I can
>> tell.
> On Windows and Apple platforms, one usually defers to the OS.


To play the devil's advocate, this is only a partial solution, and I wonder why so many developers 'defer' so easily? Using the OS secrets store has a number of drawbacks:

1. what happens when you lose the laptop?
2. what happens when the OS store gets updated and a bug loses your data?
3. what happens when you need to use two platforms? A phone and a laptop? Or, any combination where there is incompatibility, impedance or absence?
4. what happens when your enemy has insiders inside the OS provider?
5. what happens when your app wants to store something that the OS store can't handle?

As an application provider, you may find that it is easy enough to use the OS store, if you can afford to support all the platforms. But if something goes wrong, you're still on the hook. No customer of your application really cares what the excuse is; they want their data back.

Now, for my money, any application that has already developed a great crypto security set can probably more easily do the primary secret storing itself better and more cost-effectively (measured in code time) than by using the OS store. And, in the process, it can provide the user's backup context...


> Linux has not warmed up to the fact that userland needs help in
> storing secrets from the OS.


:)  A singular observation.



iang


_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
