On 13/03/2014 6:31pm, Andrus Adamchik wrote:
> 
> On Mar 13, 2014, at 10:05 AM, Aristedes Maniatis <[email protected]> wrote:
> 


>> It would be nice public relations to have "Cayenne has out-of-the-box crypto 
>> support" as a feature. Are you storing a key version as part of the 
>> encrypted data stream?
> 
> I am still working on this piece actually. It has to be attached to the 
> record. The question is whether we keep it unencrypted (simplifies management 
> and migration between keys), or encrypt it together with the data (more 
> secure).


I don't see any value in encrypting it. What security does that create? Also, 
keeping it in the same database column makes for simpler storage and 
robustness. Much like storing the salt with a password hash, or the hashing 
algorithm with the password in LDAP:

86gwfku:tgiynv45zpyqaqqpucnp3f8k8uk3dzqy

{SSHA}ddrd686254iteu9gqsz4aztufkgbctuz


Ari




-- 
-------------------------->
Aristedes Maniatis
GPG fingerprint CBFB 84B4 738D 4E87 5E5C  5EFA EF6A 7D2E 3E49 102A
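
The layout discussed in this thread, as an added example (not part of the original message and not Cayenne's own code): the key version is stored in the clear as the first byte of the column value, and is bound to the ciphertext as AES-GCM associated data so that a modified version byte is rejected rather than silently selecting another key. The class name, record layout and demo keys are assumptions made for illustration; Java 9+ is assumed for `Map.of`.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Map;

public class VersionedRecord {
    // Constructed demo keys; a real deployment would load these from a keystore.
    static final Map<Byte, SecretKeySpec> KEYS = Map.of(
        (byte) 1, new SecretKeySpec(new byte[16], "AES"),
        (byte) 2, new SecretKeySpec("0123456789abcdef".getBytes(StandardCharsets.US_ASCII), "AES"));
    static final SecureRandom RNG = new SecureRandom();

    // Layout: [1-byte key version, clear][12-byte IV][ciphertext + 16-byte GCM tag]
    static byte[] encrypt(byte version, byte[] plain) throws Exception {
        byte[] iv = new byte[12];
        RNG.nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, KEYS.get(version), new GCMParameterSpec(128, iv));
        c.updateAAD(new byte[] { version }); // readable without a key, but authenticated
        byte[] ct = c.doFinal(plain);
        return ByteBuffer.allocate(1 + iv.length + ct.length).put(version).put(iv).put(ct).array();
    }

    static byte[] decrypt(byte[] record) throws Exception {
        byte version = record[0]; // selects the key; no decryption needed to read it
        SecretKeySpec key = KEYS.get(version);
        if (key == null) throw new IllegalArgumentException("unknown key version " + version);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, record, 1, 12));
        c.updateAAD(new byte[] { version });
        return c.doFinal(record, 13, record.length - 13);
    }

    public static void main(String[] args) throws Exception {
        byte[] old = encrypt((byte) 1, "constructed sample value".getBytes(StandardCharsets.UTF_8));
        // Key migration: read the clear version byte, decrypt with that key, re-encrypt under key 2.
        byte[] rotated = encrypt((byte) 2, decrypt(old));
        System.out.println(old[0] + " -> " + rotated[0] + ": "
            + new String(decrypt(rotated), StandardCharsets.UTF_8));
        old[0] = 2; // tampered version byte: wrong key and wrong AAD, so the tag check fails
        try { decrypt(old); } catch (javax.crypto.AEADBadTagException e) { System.out.println("rejected"); }
    }
}
```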
