Re: [Discuss] Cold Boot Attacks on Encryption Keys

2013-11-09 Thread Tom Metro
Richard Pieri wrote:
> Tom Metro wrote:
>> They're encrypted too, with keys only held in memory.
>
> Then your disaster recovery options are nil. An encrypted backup that
> cannot be decrypted is mostly useless

Sorry, I thought it was obvious that the keys had to come from somewhere. (Somewhe

Re: [Discuss] Cold Boot Attacks on Encryption Keys

2013-11-09 Thread Richard Pieri
Tom Metro wrote: Oh, physical security is already excellent in this scenario. Locked cage, 24/7 CCTV, and a security guard. The weakness is that your server is in a data center owned by a 3rd party, who can simply hand the keys over to someone else. I must disagree with your assessment of "exce

Re: [Discuss] Cold Boot Attacks on Encryption Keys

2013-11-09 Thread Dan Ritter
On Sat, Nov 09, 2013 at 03:55:18PM -0400, Tom Metro wrote:
> > ...there's a simple...way for me to circumvent all of your
> > clever...self-destructs... I go after your backups.
>
> They're encrypted too, with keys only held in memory.

No. They're encrypted, with keys written down on paper and he

Re: [Discuss] Cold Boot Attacks on Encryption Keys

2013-11-09 Thread Tom Metro
Richard Pieri wrote:
> Tom Metro wrote:
>> The scenario is that you have strongly encrypted data on disk,
>> decryption keys in memory, an OS configured so that it doesn't do
>> something stupid, like write the keys to unencrypted swap space, and an
>> OS hardened enough that physical access to the

Re: [Discuss] ssd's in linux

2013-11-09 Thread Jack Coats
We tend to go over the basics every time someone else asks the question that begs for basic answers. Few, if any of us, review archives, wikis, or do general searches before asking questions. If we did, the list would be full of cricket noises. That is why I tend to not reply to most of the post

Re: [Discuss] ssd's in linux

2013-11-09 Thread Edward Ned Harvey (blu)
> From: discuss-bounces+blu=nedharvey@blu.org [mailto:discuss-
> bounces+blu=nedharvey@blu.org] On Behalf Of Jack Coats
>
> I found having 'enough ram', don't configure swap, or swap to a

How many times have we had this conversation? Agreed you should never swap active memory, and there

Re: [Discuss] ssd's in linux

2013-11-09 Thread Edward Ned Harvey (blu)
> From: discuss-bounces+blu=nedharvey@blu.org [mailto:discuss-
> bounces+blu=nedharvey@blu.org] On Behalf Of Kent Borg
>
> On 11/08/2013 06:15 AM, Stephen Adler wrote:
> > I'm thinking of upgrading my linux system by adding an SSD drive to
> > use as my system disk. Has anyone done this? A