Re: FN-FORUM: secure sites, encryption etc

date posted 3rd August 2004 22:49

Charles Lecklider [EMAIL REMOVED] writes:

> has to be able to read it, so by definition it's already got the key.
> You really need to work out what you're trying to protect the data from
> before you can decide if you need to encrypt it.
>

As somebody mentioned earlier it depends on the problem. One
possibility is to encrypt confidential data as soon as it is submitted
by the site, and encrypt it using public-key cryptography; e.g. gpg. In
this case you use the public key of the offline/backend server (which is
not connected to the Internet) so that even if someone gets access to
the database, the confidential data is still as secure as gpg. As far
as I know that's pretty secure.

There /may/ be a brief period of using insecure memory during the
encryption process, but it certainly reduces the risk. If this is the
case you will likely be using insecure memory *whatever* the process you
choose.

In this way the online server, lacking the private key, does not have
the ability to decrypt the data.

You then transfer the data to the backend system, where it can be
decrypted and more safely stored.

--
Jonathan