Subj : Re: Anyone using PGP/GPG in here?
To   : StackFault
From : Vk3jed
Date : Thu Nov 08 2018 11:28 am

-=> On 11-07-18 07:19, StackFault wrote to Vk3jed <=-

 St> Encryption is a beast by itself. Many focus only on the data-in-transit
 St> aka network stream encryption (the TLS part) and often forget about the
 St> data-at-rest aka storage.

 St> I've seen numerous times people spending countless hours securing
 St> traffic, disabling weak ciphers and setting up strong keys, but keeping
 St> the data in clear on the database backend once received.

Yep, encryption is only as secure as the weakest link, and unencrypted
databases can be a particularly soft target.  The offline mail system was good
in that regard, in that the plaintext message only ever existed as a temporary
file.  On the BBS the message was still ciphertext.  Sure, one could
forensically trawl the local HDD for the plaintext, but how many BBS messages
are going to attract that level of scrutiny? (and if the spooks have your HDD,
they have your private key as well anyway). :)


.... All right who's been cooking hot dogs in the Warp Drive?
=== MultiMail/Win v0.51
--- SBBSecho 3.03-Linux
 * Origin: Freeway BBS Bendigo,Australia freeway.apana.org.au (21:1/109)

.