[cryptography] Keyspace: client-side encryption for key/value stores

ianG iang at iang.org
Mon Mar 25 06:57:34 EDT 2013


On 25/03/13 13:42 PM, Ben Laurie wrote:
> On 23 March 2013 16:21, danimoth <danimoth at cryptolab.net> wrote:
>> On 21/03/13 at 03:07am, Jeffrey Walton wrote:
>>> Linux has not warmed up to the fact that userland needs help in
>>> storing secrets from the OS.
>>>
>>
>> http://standards.freedesktop.org/secret-service/
>>
>> but maybe I have misunderstood your statement.
>
> Does anything implement this service?
>
> BTW, a colleague and I are working on improving the state of secret
> storage on Linux (and other free OSes), particularly using the TPM,
> but also in general, so I'm quite interested in suggestions :-)

I suggest more precision :)  Saying "secrets for Linux" is a bit like 
saying "dressing for Sunday."  Are you going to church or going skiing?

The storage of secrets for server Linux will be markedly different to 
the storage of secrets on Android phones.  One can rely on a strong 
context within the hard drive, sysadmins who carefully back things up and 
ensure life cycle, a healthy skepticism of cloud.

The other gets stolen and borrowed and hacked and dropped in the washing 
machine and replaced by an iPhone or a dumb phone or wifi phone or a 
tablet...



iang

