12.04.2018 16:51, Alex Peshkoff via Firebird-devel wrote:
For example - KeyHolder has a private key of RSA pair, client software - a public one. Before sending something over the wire it's encrypted with public RSA, to decrypt it private part of pair is needed. Servers that do not have right private RSA key can receive the message but it's a garbage for them. Actual protocol should better be more complex - at least with salt to avoid sending same packet for same key.
And it is still useless because at that point key holder cannot know which crypt plugin or database it will be working with (if any). So, any decrypted key is just lying in memory waiting for intruder to catch it.
-- WBR, SD. ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot Firebird-Devel mailing list, web interface at https://lists.sourceforge.net/lists/listinfo/firebird-devel
