[openstack-dev] Swift blueprint encrypted-objects

Caitlin Bestler Caitlin.Bestler at nexenta.com
Wed Jan 23 20:49:48 UTC 2013


Bhandaru, Malini K [mailto:malini.k.bhandaru at intel.com] wrote:


>> Every time a key is communicated it is put at risk. Therefore the best keys are generated in Server specific lockboxes,
>> *never* exposed in plain text and only transferred to other lockboxes under transaction specific encryption enabled
>> by the key-manager.



> Malini: A communication is typically via https or ssl between services. When passing encrypted data between swift nodes
> internally, that is the protection. The design proposes passing only the encrypted keys between the Swift node and the key-manager.





The goal is to protect data at rest. Data is at rest for *years*.



If I intercept the HTTPS communication sharing a storage encryption key and the disk drive, I can spend months cracking the
HTTPS encryption in order to get the key for the data on the drive I stole.



HTTPS or SSL is not intended to guard data against longer than real-time attacks. Anything that secures persistent storage must.

