Jim Starkey wrote:
> Problem: How to start server on encrypted database files
> with a human to supply a password.
...
At the risk of emphasising my prejudice in favour of using
specialised products to manage encrypted volumes, have you
looked at how products like VeraCrypt (fork from TrueCrypt)
On Monday, August 24, 2015, Adriano dos Santos Fernandes <
adrian...@gmail.com> wrote:
>
> You're here mainly to build ideas for your products, not for Firebird,
> so it's not about open source.
>
> Sorry, but you're the first to complain about early exposure to new ideas.
It must be very distractin
On 24/08/2015 10:06, Scott Morgan wrote:
> It's not simply an either/or situation, there is a place and use for
> encryption as a deterrent in these cases, however technically flawed it
> may be. You'll never stop a determined thief, true, but you can at least
> deter the far more numerous casual o
On 24/08/2015 10:24, James Starkey wrote:
>
>
> On Monday, August 24, 2015, Adriano dos Santos Fernandes
> mailto:adrian...@gmail.com>> wrote:
>
> On 24/08/2015 09:16, James Starkey wrote:
> >
> > No problem other than this requires that database account
> credentials
> > be on
On Monday, August 24, 2015, Brian Vraamark
wrote:
>
> If you have 50 clients, you have 50 ways to access the master encryption
> key (database encryption key). If you steal the client-vaults, server-vault
> and the database, there would be 50 persons with a password that can
> decrypt the databas
From: Adriano dos Santos Fernandes [mailto:adrian...@gmail.com]
On 24/08/2015 09:16, James Starkey wrote:
>>
>> No problem other than this requires that database account credentials
>> be on the client disk and therefore theoretically available to an attacker.
>>
>> There is no way to make any of
On Monday, August 24, 2015, Adriano dos Santos Fernandes <
adrian...@gmail.com> wrote:
> On 24/08/2015 09:16, James Starkey wrote:
> >
> > No problem other than this requires that database account credentials
> > be on the client disk and therefore theoretically available to an
> attacker.
> >
> >
On Monday, August 24, 2015, Ray Cote
wrote:
> What about integrating with an external credentials store such as:
> http://xordataexchange.github.io/crypt/?
> Granted, it means FB is dependent on an external library application.
>
That's just a vault. Nothing hard or exotic about building a vaul
On 24/08/15 13:28, Adriano dos Santos Fernandes wrote:
> I think people should understand that they cannot put their own software
> with the database on a customer and prevent him from stealing database data and
> objects in this situation.
>
> This security is fake. It can only be beneficial for some
>
From: James Starkey [mailto:j...@jimstarkey.net]
>> One question in regards to your idea. Can gbak run without using the
>> encryption key? If not how can I make unattended scheduled backups?
> No problem other than this requires that database account credentials be on
> the client disk and ther
What about integrating with an external credentials store such as:
http://xordataexchange.github.io/crypt/?
Granted, it means FB is dependent on an external library application.
On Sat, Aug 22, 2015 at 11:36 AM, Jim Starkey wrote:
> Problem: How to start server on encrypted database files with
On 24/08/2015 09:16, James Starkey wrote:
>
> No problem other than this requires that database account credentials
> be on the client disk and therefore theoretically available to an attacker.
>
> There is no way to make any of this easy.
I think it's clear that when you mix:
- A possible attacker
>
> From: James Starkey [mailto:j...@jimstarkey.net]
> Sent: 23 August 2015 02:20
> To: For discussion among Firebird Developers
> Subject: Re: [Firebird-devel] Brainstorming Secure Unattended Start w/
> Encrypted Files
>
> One of the tenets of modern cryptology is
Reversing DPAPI and Stealing Windows Secrets Offline
https://www.elie.net/publication/reversing-dpapi-and-stealing-windows-secrets-offline
http://dpapick.com/
On Sun, Aug 23, 2015 at 3:19 AM, James Starkey wrote:
> One of the tenets of modern cryptology is that algorithms and mechanisms
> have
orming Secure Unattended Start w/ Encrypted
Files
One of the tenets of modern cryptology is that algorithms and mechanisms have
to be published for analysis and review. The basic idea is that security is
based on a mathematical impossibility that a cryptosystem can be broken within
th
James Starkey wrote:
> Once it was believed that nobody could get fired for going IBM
> (SNA anyone? Anyone?).
I worked with SNA / SDLC for some years. I don't remember
anyone getting fired for choosing it.
--
Geoff Worboys
Telesis Computing Pty Ltd
--
One of the tenets of modern cryptology is that algorithms and mechanisms
have to be published for analysis and review. The basic idea is that
security is based on a mathematical impossibility that a cryptosystem can
be broken within the time remaining in the universe. The once dominant
idea was
> I have a strong preference for portable, transparent solutions.
That I can understand and would always be the best solution, but not always
possible.
> There is also the small point that it has been broken (see Wikipedia).
As I read it, it was mostly before Windows XP. Since Windows Server
On Saturday, August 22, 2015, Brian Vraamark
wrote:
> On windows you can use DPAPI. I don't know if Linux (and other systems)
> has something similar (maybe Gnome-Keyring?).
>
>
I have a strong preference for portable, transparent solutions. In theory,
Microsoft has the same problem that unatten
g Firebird Developers
Subject: [Firebird-devel] Brainstorming Secure Unattended Start w/ Encrypted Files
Problem: How to start server on encrypted database files with a human to
supply a password.
Idea: Assume SRP is being used for authentication and that all (or most or
some) are using long, randomly
Problem: How to start server on encrypted database files with a human to
supply a password.
Idea: Assume SRP is being used for authentication and that all (or most or
some) are using long, randomly generated passwords from a client-side vault (or
equivalent). This means that it is safe to st