Re: [Firebird-devel] Brainstorming Secure Unattended Start w/ Encrypted Files

2015-08-24 Thread Brian Vraamark
From: James Starkey [mailto:j...@jimstarkey.net] One question in regards to your idea. Can gbak run without using the encryption key? If not, how can I make unattended scheduled backups? No problem other than this requires that database account credentials be on the client disk and therefore 

Re: [Firebird-devel] Brainstorming Secure Unattended Start w/ Encrypted Files

2015-08-24 Thread Scott Morgan
On 24/08/15 13:28, Adriano dos Santos Fernandes wrote: I think people should understand that they cannot put their own software with the database on a customer and prevent him from stealing database data and objects in this situation. This security is fake. It can only be beneficial for some

Re: [Firebird-devel] Brainstorming Secure Unattended Start w/ Encrypted Files

2015-08-24 Thread Adriano dos Santos Fernandes
On 24/08/2015 09:16, James Starkey wrote: No problem other than this requires that database account credentials be on the client disk and therefore theoretically available to an attacker. There is no way to make any of this easy. I think it's clear that when you mix: - A possible attacker has

Re: [Firebird-devel] Brainstorming Secure Unattended Start w/ Encrypted Files

2015-08-24 Thread James Starkey
On Monday, August 24, 2015, Ray Cote rgac...@appropriatesolutions.com wrote: What about integrating with an external credentials store such as: http://xordataexchange.github.io/crypt/? Granted, it means FB is dependent on an external library application. That's just a vault. Nothing hard or

Re: [Firebird-devel] Brainstorming Secure Unattended Start w/ Encrypted Files

2015-08-24 Thread Brian Vraamark
From: Adriano dos Santos Fernandes [mailto:adrian...@gmail.com] On 24/08/2015 09:16, James Starkey wrote: No problem other than this requires that database account credentials be on the client disk and therefore theoretically available to an attacker. There is no way to make any of this

Re: [Firebird-devel] Brainstorming Secure Unattended Start w/ Encrypted Files

2015-08-24 Thread James Starkey
...@jimstarkey.net] Sent: 23 August 2015 02:20 To: For discussion among Firebird Developers Subject: Re: [Firebird-devel] Brainstorming Secure Unattended Start w/ Encrypted Files One of the tenets of modern cryptology is that algorithms and mechanisms have to be published for analysis

Re: [Firebird-devel] Brainstorming Secure Unattended Start w/ Encrypted Files

2015-08-24 Thread Ray Cote
What about integrating with an external credentials store such as: http://xordataexchange.github.io/crypt/? Granted, it means FB is dependent on an external library application. On Sat, Aug 22, 2015 at 11:36 AM, Jim Starkey j...@jimstarkey.net wrote: Problem: How to start server on encrypted

Re: [Firebird-devel] Brainstorming Secure Unattended Start w/ Encrypted Files

2015-08-24 Thread Adriano dos Santos Fernandes
On 24/08/2015 10:24, James Starkey wrote: On Monday, August 24, 2015, Adriano dos Santos Fernandes adrian...@gmail.com wrote: On 24/08/2015 09:16, James Starkey wrote: No problem other than this requires that database account credentials

Re: [Firebird-devel] Brainstorming Secure Unattended Start w/ Encrypted Files

2015-08-24 Thread James Starkey
On Monday, August 24, 2015, Adriano dos Santos Fernandes adrian...@gmail.com wrote: You're here mainly to build ideas for your products, not for Firebird, so it's not about open source. Sorry, but you're the first to complain about early exposure to new ideas. It must be very distracting.

Re: [Firebird-devel] Brainstorming Secure Unattended Start w/ Encrypted Files

2015-08-24 Thread James Starkey
On Monday, August 24, 2015, Brian Vraamark brian.vraam...@plandent.dk wrote: If you have 50 clients, you have 50 ways to access the master encryption key (database encryption key). If you steal the client-vaults, server-vault and the database, there would be 50 persons with a password that

Re: [Firebird-devel] Brainstorming Secure Unattended Start w/ Encrypted Files

2015-08-24 Thread Geoff Worboys
Jim Starkey wrote: Problem: How to start server on encrypted database files with a human to supply a password. ... At the risk of emphasising my prejudice in favour of using specialised products to manage encrypted volumes, have you looked at how products like VeraCrypt (fork from TrueCrypt)

Re: [Firebird-devel] Brainstorming Secure Unattended Start w/ Encrypted Files

2015-08-24 Thread Adriano dos Santos Fernandes
On 24/08/2015 10:06, Scott Morgan wrote: It's not simply an either/or situation, there is a place and use for encryption as a deterrent in these cases, however technically flawed it may be. You'll never stop a determined thief, true, but you can at least deter the far more numerous casual

Re: [Firebird-devel] Brainstorming Secure Unattended Start w/ Encrypted Files

2015-08-24 Thread Brian Vraamark
Secure Unattended Start w/ Encrypted Files One of the tenets of modern cryptology is that algorithms and mechanisms have to be published for analysis and review. The basic idea is that security is based on a mathematical impossibility that a cryptosystem can be broken within the time remaining

Re: [Firebird-devel] Brainstorming Secure Unattended Start w/ Encrypted Files

2015-08-24 Thread marius adrian popa
Reversing DPAPI and Stealing Windows Secrets Offline https://www.elie.net/publication/reversing-dpapi-and-stealing-windows-secrets-offline http://dpapick.com/ On Sun, Aug 23, 2015 at 3:19 AM, James Starkey j...@jimstarkey.net wrote: One of the tenets of modern cryptology is that algorithms and

Re: [Firebird-devel] Brainstorming Secure Unattended Start w/ Encrypted Files

2015-08-22 Thread James Starkey
One of the tenets of modern cryptology is that algorithms and mechanisms have to be published for analysis and review. The basic idea is that security is based on a mathematical impossibility that a cryptosystem can be broken within the time remaining in the universe. The once dominant idea

Re: [Firebird-devel] Brainstorming Secure Unattended Start w/ Encrypted Files

2015-08-22 Thread Geoff Worboys
James Starkey wrote: Once it was believed that nobody could get fired for going IBM (SNA anyone? Anyone?). I worked with SNA / SDLC for some years. I don't remember anyone getting fired for choosing it. -- Geoff Worboys Telesis Computing Pty Ltd

Re: [Firebird-devel] Brainstorming Secure Unattended Start w/ Encrypted Files

2015-08-22 Thread Brian Vraamark
I have a strong preference for portable, transparent solutions. That I can understand and would always be the best solution, but not always possible. There is also the small point that it has been broken (see Wikipedia). As I read it, it was mostly before Windows XP. Since Windows Server

Re: [Firebird-devel] Brainstorming Secure Unattended Start w/ Encrypted Files

2015-08-22 Thread James Starkey
On Saturday, August 22, 2015, Brian Vraamark brian.vraam...@plandent.dk wrote: On Windows you can use DPAPI. I don't know if Linux (and other systems) has something similar (maybe Gnome-Keyring?). I have a strong preference for portable, transparent solutions. In theory, Microsoft has the

[Firebird-devel] Brainstorming Secure Unattended Start w/ Encrypted Files

2015-08-22 Thread Jim Starkey
Problem: How to start server on encrypted database files with a human to supply a password. Idea: Assume SRP is being used for authentication and that all (or most or some) are using long, randomly generated passwords from a client-side vault (or equivalent). This means that it is safe to

Re: [Firebird-devel] Brainstorming Secure Unattended Start w/ Encrypted Files

2015-08-22 Thread Brian Vraamark
Developers Subject: [Firebird-devel] Brainstorming Secure Unattended Start w/ Encrypted Files Problem: How to start server on encrypted database files with a human to supply a password. Idea: Assume SRP is being used for authentication and that all (or most or some) are using long, randomly generated