Re: cgd and remote keys

|  Just an additional note: it is possible to store /etc/cgd/* content on USB
|  memory, already tested. You just need to add a line into /etc/fstab. 

  I was thinking about that (keeping local data safe yet not be a
hassle on every reboot) some time ago and came up with three variants:

  - a USB storage on a cable, reasonably secured (i.e. bolted to the
    wall, so an attacker is more likely to just plug it off)
  - a Bluetooth device for key storage that could be hidden/securely
    mounted somewhere near the server
  - a remote server that only responds to the expected IP address
    (which causes pain when your internet connection goes down)

  Additional brownie points given for auto-destruction which seems
necessary wrt recent legislation in certain parts of the world ("Sorry,
I don't have the key, your [law enforcement] agents destroyed it when
they confiscated the server").



