Skip site navigation (1) Skip section navigation (2)

Re: RFE: Transparent encryption on all fields

From: tomas(at)tuxteam(dot)de
To: Sam Halliday <sam(dot)halliday(at)gmail(dot)com>
Cc: pgsql-hackers(at)postgresql(dot)org
Subject: Re: RFE: Transparent encryption on all fields
Date: 2009-04-27 04:43:59
Message-ID: 20090427044359.GC9979@tomas (view raw or flat)
Thread:
Lists: pgsql-hackers
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Sun, Apr 26, 2009 at 04:40:33AM -0700, Sam Halliday wrote:
> 
> 
> Tomas Zerolo wrote:
> > 
> > Note that I'm not talking about stealing the hardware, but hijacking,
> > trojanizing, whatever. That's the real threat, in this
> > Javascript/Flash/Silverlight infested world.
> > 
> 
> I'm still talking about theft of machines (particularly laptops) as that is
> a major threat. One need only read the British newspapers to discover story
> after story of articles where "sensitive information was on a laptop which
> was stolen". As pointed out elsewhere, psql + encrypted drive is entirely
> unpractical as no OS is setup to ask for an encrypted drive password on boot
> (similarly for headless machines, user interaction is required). A practical
> solution that accomplishes the same goals as the encrypted drive is
> necessary.

Now you are mixing things.

 * A laptop (by definition *not* a headless machine) which you carry
   around and has sensitive data on it: there is _no_ excuse not to
   encrypt the drive. There are lots of options (TrueCrypt, for Linux
   there's Luks, some laptop vendors provide their own). There are lots
   of variants to enter the passphrase, some more convenient
   (fingerprint, I'm a little wary of this one).

   Same goes for removable media, e.g. thumb drives (they get lost too).

   Note that this solution doesn't fly without user education: if your
   laptop is stolen and then "mysteriously" re-appears you _have_ to
   assume that some has jigged it. Don't enter the passphrase! Nuke it
   and install from backup.

 * "No OS is setup to ask for an encrypted drive on bootup" -- this is
   a red herring. It's not the OS's job to do that, it's the mount
   process (remember: it has to work on insertion of a thumb drive too).
   TrueCrypt manages this fine, as does Luks. Doing that at boot time
   for built-in media (my laptop does that) is just convenience.

 * Server on a headless machine -- agreed. That's what we were talking
   about.

But i fear we are getting seriously off-topic by now :-/

Regards
- -- tomás
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFJ9TgPBcgs9XrR2kYRAoeGAJ9nupOLzQ0X5Lh9R9utCPuzsCaU9gCfXhjd
kUUGAg96JJ9Tu9CZXKkJYOs=
=Gw7S
-----END PGP SIGNATURE-----

In response to

pgsql-hackers by date

Next:From: Martijn van OosterhoutDate: 2009-04-27 06:21:23
Subject: Re: To know what a macro does
Previous:From: tomasDate: 2009-04-27 04:30:50
Subject: Re: RFE: Transparent encryption on all fields

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group