Re: Re: Encryption keys aren't safe on servers, report warns

[Adam Shostack <adam@homeport.org>]

On Mon, Jan 10, 2000 at 12:11:09PM -0800, Alan Olsen wrote:
| > Solution:  Store the keys in the server with redundancy to prevent this sort of
| > attack and turn them into 'keys' only before you pass them to your cyphers.
| > 
| > Store them as text strings spelling out words: "One, five, three, nine, four"
| > or whatever scheme.  These will be less random, but of course the attacker can
| > adapt his algorithm to specifically look for strings of that nature, etc. :)

This would likely work, for a performance hit.

| Or you can just have all sorts of bogus random data lying around looking
| like keys.

Acutally, that doesn't work well; you can do some sample modexps with
the data to confirm that you've found the right key.  (See the paper.)

| Of course, this is security by obscurity, but if they have already hacked
| your server to get this far, you are already in deep shit.

As Adi and Nicko point out, many virtual hosting sites sell you
exactly this access.  Not that you're not in deep shit if you buy into 
one, but the hw solution does work for this, assuming that NCipher
designed the ACLs and the calls correctly.

Adam


-- 
      Tired of co-workers slowing you down?  Leave them behind.
		    http://jobs.zeroknowledge.com