@bascule what do you mean it's not authenticated? It's not checked against the client key when data is sent to the chef server?
Chef Encrypted Databags don’t authenticate data, FYI. Authentication is a pretty fundamental property of a secure cryptosystem /cc @opscode
@jmazzi it’s not using an authenticated encryption mode or a MAC
@bascule that is a shame. Where in the source is data being handled? Or is this something you read?
@jmazzi here's the code in question, and the complaints are my own: https://github.com/opscode/chef/blob/master/chef/lib/chef/encrypted_data_bag_item.rb …
@bascule I don't think it would be that hard to change. I'm a chef contributor so I'll see if I can make some time.
@jtimberman @opscode I’m using the term “authentication” in a cryptographic context, i.e. it hasn’t been tampered with
@bascule e.g., digital signing?