Re: When to encrypt

From: Daniel Martini <dmartini(at)uni-hohenheim(dot)de>
To: Greg Stark <gsstark(at)mit(dot)edu>
Cc: Martijn van Oosterhout <kleptog(at)svana(dot)org>, pgsql-general(at)postgresql(dot)org
Subject: Re: When to encrypt
Date: 2004-12-07 08:31:37
Message-ID: 1102408297.41b56a6975087@webmail.uni-hohenheim.de
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-general

Hi,

Citing Greg Stark <gsstark(at)mit(dot)edu>:
> Martijn van Oosterhout <kleptog(at)svana(dot)org> writes:
> > Actually, hard disk encryption is useful for one thing: so if somebody
> > kills the power and takes the hard disk/computer, the data is safe.
> > While it's running it's vulnerable though...
>
> Where do you plan to keep the key?

Well, where do you plan to keep the key for your encrypted backup tapes,
like you suggested in another post in this thread ;-)
That's pretty much the same problem.

Anyways, there are a bunch of solutions to this problem. All the good
ones require manual intervention (key entry, not necessarily by hand)
in case of the encrypted partition being brought from the unmounted
into the mounted state and rely on a certain person or a group of people
being trusted. Problem one (man. intervention) will not be a problem
at all, if the data is really valuable. Problem two (trust) is more
difficult. The more you distribute a single key across different people
and media, the less trust you will need in every single person, but the
more difficult will it be to conveniently access the data.

Regards,
Daniel

In response to

Responses

Browse pgsql-general by date

  From Date Subject
Next Message Per Jensen 2004-12-07 08:37:18 Re: Index scan vs. Seq scan on timestamps
Previous Message Michael Fuhr 2004-12-07 08:31:13 Re: Drop table