Chef Encrypted Databags don’t authenticate data, FYI. Authentication pretty fundamental property of a secure cryptosystem /cc @opscode
@jtimberman that won't help if someone tampers with the data through a sidechannel, e.g. Couch. It should really be authenticated end-to-end
@bascule @jtimberman I've always wondered why the encryption for data-bags wasn't more closely integrated with Client key pairs.
@fujin_ @jtimberman IMO every encrypted databag should have a unique (EC)DSA key for authenticating values. I'm trying that at @livingsocial
@bascule Direct database access is another matter :)