Chef Encrypted Databags don’t authenticate data, FYI. Authentication is a pretty fundamental property of a secure cryptosystem /cc @opscode
Replying to @jtimberman
@jtimberman @opscode the solution is to use a MAC (e.g. HMAC) with a separate key, or an authenticated encryption mode such as EAX or GCM
Replying to @jtimberman
@jtimberman that won't help if someone tampers with the data through a sidechannel, e.g. Couch. It should really be authenticated end-to-end
Replying to @bascule
@bascule @jtimberman I've always wondered why the encryption for data-bags wasn't more closely integrated with Client key pairs.
Replying to @fujin_
@fujin_ @jtimberman IMO every encrypted databag should have a unique (EC)DSA key for authenticating values. I'm trying that at @livingsocial
6:35 PM - 8 Aug 2012
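
The MAC-with-a-separate-key approach mentioned in the thread, as an added Ruby example that is not from the thread or from Chef's code. It assumes AES-256-CBC plus HMAC-SHA256 in an encrypt-then-MAC layout; the item layout, helper names and sample value are hypothetical and do not reproduce Chef's data bag format.

```ruby
require "openssl"

# Constructed sample value; key handling and item layout are assumptions.
PLAINTEXT = '{"password":"s3cret"}'

def aes_cbc(mode, key, iv, data)
  c = OpenSSL::Cipher.new("aes-256-cbc")
  mode == :encrypt ? c.encrypt : c.decrypt
  c.key = key
  c.iv = iv
  c.update(data) + c.final
end

def mac(mac_key, item)
  OpenSSL::HMAC.digest(OpenSSL::Digest.new("SHA256"), mac_key, item[:iv] + item[:ct])
end

# Encrypt-then-MAC: the tag covers IV and ciphertext, under a separate key.
def seal(plaintext, enc_key, mac_key)
  iv = OpenSSL::Random.random_bytes(16)
  item = { iv: iv, ct: aes_cbc(:encrypt, enc_key, iv, plaintext) }
  item.merge(tag: mac(mac_key, item))
end

# Comparison that always walks every byte, regardless of where they differ.
def same_bytes?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Verify before decrypting; reject anything whose tag does not match.
def open_sealed(item, enc_key, mac_key)
  raise ArgumentError, "MAC mismatch" unless same_bytes?(mac(mac_key, item), item[:tag])
  aes_cbc(:decrypt, enc_key, item[:iv], item[:ct])
end

# Simulates a stored item modified outside the API: one IV bit changed.
def modified_copy(item)
  iv = item[:iv].dup
  iv.setbyte(0, iv.getbyte(0) ^ 0x01)
  item.merge(iv: iv)
end

if __FILE__ == $PROGRAM_NAME
  enc_key, mac_key = Array.new(2) { OpenSSL::Random.random_bytes(32) }
  bad = modified_copy(seal(PLAINTEXT, enc_key, mac_key))
  puts "unauthenticated decrypt: #{aes_cbc(:decrypt, enc_key, bad[:iv], bad[:ct])}"
  begin
    open_sealed(bad, enc_key, mac_key)
  rescue ArgumentError => e
    puts "authenticated open: rejected (#{e.message})"
  end
end
```

Without the tag check, the modified item decrypts without any error to a different value; with it, the same item is rejected before decryption.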