...if the goal is to avoid storing a private key in plaintext, can that
private key live in a hardware store (PKCS#11, TPM, etc.) instead?

On Thu, May 26, 2016 at 8:49 AM Steve Litt <slitt_at_troubleshooters.com>
wrote:
> On Thu, 26 May 2016 14:16:16 +0100
> Jonathan de Boyne Pollard <J.deBoynePollard-newsgroups_at_NTLWorld.com>
> wrote:
>
> > Christophe-Marie Duquesne:
> > > Any idea how to proceed?
> >
> > You're running a daemon. It really shouldn't have an interactive
> > user interface. Remember the lessons that resulted in Session 0
> > Isolation in Windows NT.
>
> The more I read of this thread, the more I think it's a bad idea to
> have a boot-instantiated daemon acquire a password by any means, and
> the more I think maybe a completely different approach might be more
> appropriate. So let me ask the original poster a few questions:
>
> * What does this daemon do?
> * How many users does the machine have?
>   - At one time?
>   - Ever?
> * Would all the machine's users be expected to know the password?
> * Did you write the daemon yourself?
> * Why does it need to be a supervised daemon, rather than just a
>   program the user runs?
>
> Thanks,
>
> SteveT
>
> Steve Litt
> May 2016 featured book: Rapid Learning for the 21st Century
> http://www.troubleshooters.com/rl21
>
Received on Thu May 26 2016 - 14:44:55 UTC