| From: | tomas(at)tuxteam(dot)de |
|---|---|
| To: | Sam Halliday <sam(dot)halliday(at)gmail(dot)com> |
| Cc: | pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: RFE: Transparent encryption on all fields |
| Date: | 2009-04-27 04:43:59 |
| Message-ID: | 20090427044359.GC9979@tomas |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Sun, Apr 26, 2009 at 04:40:33AM -0700, Sam Halliday wrote:
>
>
> Tomas Zerolo wrote:
> >
> > Note that I'm not talking about stealing the hardware, but hijacking,
> > trojanizing, whatever. That's the real threat, in this
> > Javascript/Flash/Silverlight infested world.
> >
>
> I'm still talking about theft of machines (particularly laptops) as that is
> a major threat. One need only read the British newspapers to discover story
> after story of articles where "sensitive information was on a laptop which
> was stolen". As pointed out elsewhere, psql + encrypted drive is entirely
> unpractical as no OS is setup to ask for an encrypted drive password on boot
> (similarly for headless machines, user interaction is required). A practical
> solution that accomplishes the same goals as the encrypted drive is
> necessary.
Now you are mixing things.
* A laptop (by definition *not* a headless machine) which you carry
around and has sensitive data on it: there is _no_ excuse not to
encrypt the drive. There are lots of options (TrueCrypt, for Linux
there's Luks, some laptop vendors provide their own). There are lots
of variants to enter the passphrase, some more convenient
(fingerprint, I'm a little wary of this one).
Same goes for removable media, e.g. thumb drives (they get lost too).
Note that this solution doesn't fly without user education: if your
laptop is stolen and then "mysteriously" re-appears you _have_ to
assume that some has jigged it. Don't enter the passphrase! Nuke it
and install from backup.
* "No OS is setup to ask for an encrypted drive on bootup" -- this is
a red herring. It's not the OS's job to do that, it's the mount
process (remember: it has to work on insertion of a thumb drive too).
TrueCrypt manages this fine, as does Luks. Doing that at boot time
for built-in media (my laptop does that) is just convenience.
* Server on a headless machine -- agreed. That's what we were talking
about.
But i fear we are getting seriously off-topic by now :-/
Regards
- -- tomás
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFJ9TgPBcgs9XrR2kYRAoeGAJ9nupOLzQ0X5Lh9R9utCPuzsCaU9gCfXhjd
kUUGAg96JJ9Tu9CZXKkJYOs=
=Gw7S
-----END PGP SIGNATURE-----
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Martijn van Oosterhout | 2009-04-27 06:21:23 | Re: To know what a macro does |
| Previous Message | tomas | 2009-04-27 04:30:50 | Re: RFE: Transparent encryption on all fields |