
BLU Discuss list archive



[Discuss] Cold Boot Attacks on Encryption Keys



Tom Metro wrote:
> Oh, physical security is already excellent in this scenario. Locked
> cage, 24/7 CCTV, and a security guard. The weakness is that your server
> is in a data center owned by a 3rd party, who can simply hand the keys
> over to someone else.

I must disagree with your assessment of "excellent". If a third party 
has physical access to your equipment and data then that equipment and 
data are not secure. If that third party has a greater interest in 
serving itself or other parties than it has in serving you then that 
equipment and data are distinctly vulnerable.


> They're encrypted too, with keys only held in memory.

Then your disaster recovery options are nil. An encrypted backup that 
cannot be decrypted is mostly useless except for maybe being an example 
of how not to run a backup system.

Dan's suggestion is great if legal threats are included in your threat 
model. Otherwise locked in a safe requiring two different security 
officers to unlock.

-- 
Rich P.



BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.
