[openssl-users] Regarding the security of the keys
Mike Mohr
akihana at gmail.com
Wed Jul 22 04:09:01 UTC 2015
Actually that isn't quite right. A properly configured and tuned RBAC
<https://en.wikipedia.org/wiki/Grsecurity#Role-based_access_control> policy,
when combined with PaX <https://en.wikipedia.org/wiki/Grsecurity#PaX>, can
very effectively limit all userspace activity (including root access!). It
helps if you can also use a hardware security module
<https://en.wikipedia.org/wiki/Hardware_security_module> to protect your
key material.
On Tue, Jul 21, 2015 at 1:48 AM, Salz, Rich <rsalz at akamai.com> wrote:
> > If some one build their own openssl and add few lines to print the keys
> during encrypt and decrypt and put in the library in the LD_LIBRARY_PATH,
> may result in compromising the security of the keys.
>
> Can anyone other than root do this? You have to trust root. They could
> just cat your keyfile anyway.
>
> _______________________________________________
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20150721/20454e24/attachment.html>
More information about the openssl-users
mailing list