Re: Apache ap_getpass vulnerability

[Carson Gaspar <carson () taltos org>]

--On Sunday, November 05, 2000 11:25 AM -0800 "Jon Paul, Nollmann"
<sinster () DARKWATER COM> wrote:

> It's a choice that's been made technologically: it's unworkable to
> have the private key encrypted, so its left unencrypted.  If you have
> the key encrypted and arrange for some other mechanism for the server
> to automagically get the passphrase at startup, then that's equivalent
> to having the private key unencrypted on the hard disk: all the data
> is there on the machine that's necessary to unencrypt the private key.

Who said anything about it happening automatically, much less
automagically? Someone (or ones, if you use secret sharing) ethers a
passphrase every time the web server is restarted. As I said you trade off
operational complexity against security.

> It's unavoidable.

See above.

--
Carson Gaspar -- carson () taltos org
Queen Trapped in a Butch Body