Regarding the security of the keys

Actually that isn't quite right.  A properly configured and tuned RBAC
<https://en.wikipedia.org/wiki/Grsecurity#Role-based_access_control> policy,
when combined with PaX <https://en.wikipedia.org/wiki/Grsecurity#PaX>, can
very effectively limit all userspace activity (including root access!).  It
helps if you can also use a hardware security module
<https://en.wikipedia.org/wiki/Hardware_security_module> to protect your
key material.

On Tue, Jul 21, 2015 at 1:48 AM, Salz, Rich <rsalz at akamai.com> wrote:

> > If someone builds their own openssl and adds a few lines to print the keys
> > during encrypt and decrypt and puts the library in the LD_LIBRARY_PATH,
> > it may result in compromising the security of the keys.
>
> Can anyone other than root do this?  You have to trust root.  They could
> just cat your keyfile anyway.