cayenne-dev mailing list archives

From Aristedes Maniatis <...@maniatis.org>
Subject Re: Interceptable ExtendedType
Date Thu, 13 Mar 2014 08:06:46 GMT
On 13/03/2014 6:31pm, Andrus Adamchik wrote:
> 
> On Mar 13, 2014, at 10:05 AM, Aristedes Maniatis <ari@maniatis.org> wrote:
> 


>> It would be nice public relations to have "Cayenne has out-of-the-box crypto support" as a feature. Are you storing a key version as part of the encrypted data stream?
> 
> I am still working on this piece actually. It has to be attached to the record. The question is whether we keep it unencrypted (simplifies management and migration between keys), or encrypt it together with the data (more secure).


I don't see any value in encrypting it. What security does that create? Also, keeping it in
the same database column makes for simpler storage and robustness. Much like storing the salt
with a password hash, or the hashing algorithm with the password in LDAP:

86gwfku:tgiynv45zpyqaqqpucnp3f8k8uk3dzqy

{SSHA}ddrd686254iteu9gqsz4aztufkgbctuz


Ari




-- 
-------------------------->
Aristedes Maniatis
GPG fingerprint CBFB 84B4 738D 4E87 5E5C  5EFA EF6A 7D2E 3E49 102A
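
Added example, not part of the original message and not Cayenne's code: a sketch of the layout discussed in this thread, with the key version kept unencrypted in the same column as the ciphertext. The class name, the `<version>:<base64>` format, the in-memory key map and the choice of AES-GCM with the version passed as associated data are all assumptions made for illustration.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;
import java.util.Map;

public class VersionedColumnCrypto {
    private static final SecureRandom RNG = new SecureRandom();
    private final Map<Integer, byte[]> keys; // key version -> AES key (hypothetical key store)
    private final int current;               // version used for new writes
    VersionedColumnCrypto(Map<Integer, byte[]> keys, int current) { this.keys = keys; this.current = current; }
    // Column value: "<version>:" + base64(iv || ciphertext || tag); the version stays readable.
    String encrypt(String plaintext) throws Exception {
        byte[] iv = new byte[12];
        RNG.nextBytes(iv);
        byte[] ct = cipher(Cipher.ENCRYPT_MODE, current, iv).doFinal(plaintext.getBytes(StandardCharsets.UTF_8));
        byte[] out = Arrays.copyOf(iv, iv.length + ct.length);
        System.arraycopy(ct, 0, out, iv.length, ct.length);
        return current + ":" + Base64.getEncoder().encodeToString(out);
    }

    String decrypt(String column) throws Exception {
        int sep = column.indexOf(':');
        if (sep < 1) throw new IllegalArgumentException("missing key version prefix");
        int version = Integer.parseInt(column.substring(0, sep));
        byte[] raw = Base64.getDecoder().decode(column.substring(sep + 1));
        byte[] iv = Arrays.copyOfRange(raw, 0, 12);
        return new String(cipher(Cipher.DECRYPT_MODE, version, iv).doFinal(raw, 12, raw.length - 12), StandardCharsets.UTF_8);
    }
    private Cipher cipher(int mode, int version, byte[] iv) throws Exception {
        byte[] key = keys.get(version);
        if (key == null) throw new IllegalArgumentException("unknown key version " + version);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(mode, new SecretKeySpec(key, "AES"), new GCMParameterSpec(128, iv));
        // Bind the plaintext version to the ciphertext: an edited prefix fails the GCM tag check.
        c.updateAAD(Integer.toString(version).getBytes(StandardCharsets.UTF_8));
        return c;
    }
    public static void main(String[] args) throws Exception {
        byte[] k1 = new byte[16], k2 = new byte[16]; // constructed demo keys
        RNG.nextBytes(k1); RNG.nextBytes(k2);
        String old = new VersionedColumnCrypto(Map.of(1, k1), 1).encrypt("constructed sample value");
        VersionedColumnCrypto rotated = new VersionedColumnCrypto(Map.of(1, k1, 2, k2), 2);
        System.out.println(old + " -> " + rotated.decrypt(old)); // old row still readable
        System.out.println(rotated.encrypt("constructed sample value")); // new row carries "2:"
    }
}
```

Because the version is readable without any key, a migration job can select rows still on an old version and re-encrypt them; passing the version as associated data keeps that prefix tamper-evident without hiding it.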
