Dominique Devienne wrote:
we would be interested in encrypting.
But then it's a chicken-and-egg problem, no?
Where are you going to store the passwords to decrypt the passwords
read from properties files? --DD
I keep my password properties out of SCM, in a bit of the filesystem
that is NTFS encrypted FS. That is only semi-secure, but to make it
better the NTFS encrypt keys are kept in the laptop's TPM. you'd need
the secret TPM key to 0wn the system.
I dont think that is perfect because
-the TPM driver stores its secret key in the kernel mode driver memory
and does not ask for it again when the laptop hibernates. That implies
it gets stored to the hibernate file when the laptop goes into S5 state,
when it should really erase all knowledge of the key before shutting
down, and do it again on startup (in case the laptop did a battery
criticical S0-S5 transition without telling the drivers).
-you have to assume that there is a back door in the TPM for
governments. Why else would they let vista and osx ship with TPM
integration?
-If the next bit of the UK RIPE act is turned on, it will allow the
government to ask users for their private keys used for communications,
and imprison you if you dont turn them over. I will have to use
different keys for signing apps from ssh from PGP-emails.
-keystroke interceptors can get at your TPM password by subverting the
OS or the keyboard controller CPU, which does of course keep all its
firmware in the main BIOS.
Now, a USB memory stick with encrypted memory and a pin keypad on the
stick, that would be secure storage.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
