tav schrieb: >> Why is it significantly easier to protect the key[s] >> used for the encryption than the storage itself? > > > one could always passphrase-protect the key, i.e. use symmetric encryption. > > admittedly, this could potentially be brute-forced, but ... should be > good enough for most purposes? > And how does your Application (Zope) access the storage? Exactly. It needs the key - if it has the key - the "attacker" can just read the data thru the application.
In the end this does not buy you anything but overhead. If you want to encrypt, just use a crypted filesystem as DM already suggested. Best performance, best transparency and well tested. _______________________________________________ For more information about ZODB, see the ZODB Wiki: http://www.zope.org/Wikis/ZODB/ ZODB-Dev mailing list - ZODB-Dev@zope.org http://mail.zope.org/mailman/listinfo/zodb-dev