-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Schwartz
Sent: Thursday, May 31, 2007 7:17 PM
To: openssl-users@openssl.org
Subject: RE: Saving (and restoring) cipher context

> I think your argument is based on a false premise. In the majority of
> real-world cases, the server is much more secure generally than the clients
> are. Storing the keys on the server is likely going to be safer than
> storing them on the client.

I just wanted to raise the point that if symmetric keys are stored in an unprotected state on the same server as the encrypted data, I see little benefit of doing the encryption if a compromise leads to both the keys and ciphertexts. If no additional protection (such as PBE, RSA, etc.) is used to secure the symmetric keys in this scenario, then encryption provides little additional security.

Of course it is an assumption that the symmetric keys are in no way protected, but I thought I should mention it given that it was said public key cryptography was not currently being used.

Best Regards,
Jason

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
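
The PBE option mentioned in the message above, as an added example that is not part of the original thread: a data key is wrapped under a passphrase-derived key with the `openssl` CLI, and a check shows what a compromise of the storage server alone would find on disk in each layout. The function names, file names and passphrase are assumptions made for illustration; `-pbkdf2` requires OpenSSL 1.1.1 or later.

```shell
#!/usr/bin/env bash
# Added example; key material and passphrases below are constructed.
# Passphrase-based encryption (PBE) of a data key with the openssl CLI.
# The passphrase is read from $KEK_PASS and is never written to disk.

new_data_key() { openssl rand -hex 32; }          # 256-bit key as hex

# wrap_key HEXKEY OUTFILE: PBKDF2 derives the key-encryption key; openssl
# stores the random salt in OUTFILE's header.
wrap_key() {
    printf '%s' "$1" | openssl enc -aes-256-cbc -pbkdf2 -iter 200000 \
        -pass env:KEK_PASS -out "$2"
}

# unwrap_key INFILE: prints the hex key. CBC carries no integrity tag, so a
# wrong passphrase is usually (not always) reported as a padding error.
unwrap_key() {
    openssl enc -d -aes-256-cbc -pbkdf2 -iter 200000 \
        -pass env:KEK_PASS -in "$1" 2>/dev/null
}

# key_exposed DIR HEXKEY: succeeds if the plaintext key is readable under DIR,
# i.e. what a compromise of the storage server alone would reveal.
key_exposed() { grep -rqF -- "$2" "$1"; }

demo() {
    local dir key
    dir=$(mktemp -d) || return 1
    key=$(new_data_key)
    export KEK_PASS='constructed-passphrase-for-demo'

    printf '%s' "$key" > "$dir/data.key"            # unprotected layout
    key_exposed "$dir" "$key" && echo "plaintext key file: key exposed"

    rm -f "$dir/data.key"
    wrap_key "$key" "$dir/data.key.enc"             # PBE-wrapped layout
    key_exposed "$dir" "$key" || echo "wrapped key file: key not exposed"
    [ "$(unwrap_key "$dir/data.key.enc")" = "$key" ] && echo "unwrap ok"
    rm -rf "$dir"
}
demo
```

The wrapped layout only helps while the passphrase is kept off the server that holds the ciphertext, which is the condition the message describes.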