[cryptography] Keyspace: client-side encryption for key/value stores

Peter Gutmann pgut001 at cs.auckland.ac.nz
Fri Mar 22 08:50:28 EDT 2013


Thierry Moreau <thierry.moreau at connotech.com> writes:

>Client-side storage of long-term secrets can only be secured by dedicated
>client-side hardware. Your mileage may vary.

In a perfect world, yes.  However having an OS-provided, standardised
mechanism that gets things mostly right (Apple Keyring) is far, far better
than forcing every developer to invent their own one (Unix and to a lesser
extent Windows), which 90% will get wrong.

Peter.



More information about the cryptography mailing list