Encryption, paranoia and virtual machines

Jamon Camisso jamon.camisso-H217xnMUJC0sA/PxXw9srA at public.gmane.org
Fri Nov 25 18:03:09 UTC 2011



On 11/25/2011 12:35 PM, Christopher Browne wrote:
> Translucent databases provide better, deeper protection by scrambling
> the data with encryption algorithms. The solutions use the minimal
> amount of encryption to ensure that the database is still functional.
> In the best applications, the personal and sensitive information is
> protected but the database still delivers the information."
> 
> The approach that Wayner's book takes is that data that is supposed to
> be secure is encrypted before it reaches the host, with the
> consequence that encryption keys never need to be on that host, which
> is essential to maintain trust when you *don't* trust the system
> administrator.

That's an interesting approach and makes sense for some use cases.
However, it presumes that unencrypted data coming from source X never
hits a disk somewhere. If X doesn't have disk encryption for every
location where data might be written, then it is a weak point regardless
of how secure the database is.

For example, assuming physical access, what is to prevent someone from
running a forensic recovery tool on, say, /var/spool files, or on a swap
partition, if either location handled data destined for the encrypted
database?

For me at least, while encrypting the whole disk is definitely a
shotgun approach, the overhead is slight and reduces complexity. I
certainly don't notice any performance issues with AES on an SSD.

Jamon
--
The Toronto Linux Users Group.      Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists
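
Added example (not part of the original message or thread): a Python check for the weak point raised above, reporting which locations, such as swap or /var/spool, are not backed by dm-crypt storage. It reads the JSON printed by `lsblk -J -o NAME,TYPE,MOUNTPOINT`; the sample listing and the function names are constructed for illustration.

```python
import json

# Constructed sample of `lsblk -J -o NAME,TYPE,MOUNTPOINT` output (not from the
# post): root is on dm-crypt, swap and /var/spool are on plain partitions.
SAMPLE_LSBLK = json.loads("""
{"blockdevices": [
  {"name": "sda", "type": "disk", "mountpoint": null, "children": [
    {"name": "sda1", "type": "part", "mountpoint": "/boot"},
    {"name": "sda2", "type": "part", "mountpoint": null, "children": [
      {"name": "cryptroot", "type": "crypt", "mountpoint": "/"}]},
    {"name": "sda3", "type": "part", "mountpoint": "[SWAP]"},
    {"name": "sda4", "type": "part", "mountpoint": "/var/spool"}]}
]}
""")


def mount_table(devices, under_crypt=False, table=None):
    """Map each mountpoint to True if a dm-crypt layer sits at or above it."""
    table = {} if table is None else table
    for dev in devices:
        encrypted = under_crypt or dev.get("type") == "crypt"
        mp = dev.get("mountpoint")
        if mp:
            # Every swap area is listed as "[SWAP]": encrypted only if all are.
            table[mp] = table.get(mp, True) and encrypted
        mount_table(dev.get("children") or [], encrypted, table)
    return table


def backing_mount(path, table):
    """Exact match (for "[SWAP]") or the longest mountpoint containing path."""
    if path in table:
        return path
    hits = [m for m in table if m.startswith("/")
            and (path + "/").startswith(m.rstrip("/") + "/")]
    return max(hits, key=len) if hits else None


def plaintext_locations(lsblk, paths):
    """Return the paths whose backing storage is not under dm-crypt."""
    table = mount_table(lsblk["blockdevices"])
    exposed = []
    for path in paths:
        mnt = backing_mount(path, table)
        if mnt is not None and not table[mnt]:  # None: nothing mounted there
            exposed.append(path)
    return exposed


if __name__ == "__main__":
    print(plaintext_locations(SAMPLE_LSBLK, ["[SWAP]", "/var/spool/mail", "/home"]))
```

On a live system, feed it `json.loads` of the real `lsblk` output instead of the sample; the check covers block-level encryption only, not file-level schemes layered on top of a plain filesystem.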