At 01:50 PM 4/20/96 +0000, umwalber@cc.UManitoba.CA wrote:
An ISP that I have ties with is looking to set up a secure server. Currently, they are running Apache. I told them that for ~$500 they can put on Apache SSL and be all ready. However, they want to buy Netscape (for the name, I've already given them the 40bit gospel), put it on a separate, firewalled machine, allow no access to it, etc, etc. Is all this paranoia necessary?
If they're handling money, then, yes, the paranoia is probably necessary. Aside from the 40-bit vs. 128-bit issue, one of the big security risks of SSL and similar systems is that the server they run on is typically sitting right out there on the Internet waiting for somebody to crack it, and keeping credit card information on the same rather than handing the encrypted information across some secure interface (whether a firewall or dedicated RS232 or whatever.) A bulletproof 128-bit interface doesn't help if it's running on a cracked machine. Putting it on a separate firewalled machine is a Good Thing.
# Thanks; Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215
If they're handling money, then, yes, the paranoia is probably necessary. Aside from the 40-bit vs. 128-bit issue, one of the big security risks of SSL and similar systems is that the server they run on is typically sitting right out there on the Internet waiting for somebody to crack it, and keeping credit card information on the same rather than handing the encrypted information across some secure interface (whether a firewall or dedicated RS232 or whatever.) A bulletproof 128-bit interface doesn't help if it's running on a cracked machine. Putting it on a separate firewalled machine is a Good Thing.
Yes, and being able to review the source code of the server for security holes is also Important, if you are dealing with real money.
--
Sameer Parekh Voice: 510-601-9777x3
Community ConneXion, Inc. FAX: 510-601-9734
The Internet Privacy Provider Dialin: 510-658-6376
http://www.c2.net/ (or login as "guest") sameer@c2.net
What is the best free/shareware program for protecting (and I mean government-strength encryption) a Mac folder or creating a protected Mac volume?
Additionally, are any of the commercial products available safer than these free/shareware ones?
Thanks,
Philip
--=--=====--=--=====--=--=====--=--=====--=--=====--=--
Philip Trauring philip@cs.brandeis.edu 617-736-6702
"knowledge is my addiction, information is my drug"
http://www.cs.brandeis.edu/~philip/
--=--=====--=--=====--=--=====--=--=====--=--=====--=--
I use Cryptdisk. I suspect it's better than any of the ones you pay for. Most of them try to do too much, and thus probably fail. Also, most of them are not marked 'Export Controlled,' which indicates a scary lack of knowledge on the part of the companies.
Bruce Schneier wrote 'Protect Your Macintosh.' http://www.peachpit.com/peachpit/titles/catalog/48436.html
Adam
Philip Trauring wrote:
| What is the best free/shareware program for protecting (and I mean
| government-strength encryption) a Mac folder or creating a protected Mac
| volume?
|
| Additionally, are any of the commercial products available safer than these
| free/shareware ones?
|
| Thanks,
| Philip
|
| --=--=====--=--=====--=--=====--=--=====--=--=====--=--
| Philip Trauring philip@cs.brandeis.edu 617-736-6702
| "knowledge is my addiction, information is my drug"
| http://www.cs.brandeis.edu/~philip/
| --=--=====--=--=====--=--=====--=--=====--=--=====--=--
--
"It is seldom that liberty of any kind is lost all at once." -Hume
On Wed, 24 Apr 1996, Philip Trauring wrote:
What is the best free/shareware program for protecting (and I mean government-strength encryption) a Mac folder or creating a protected Mac volume?
CryptDisk looks pretty secure. Shareware as I recall.
Additionally, are any of the commercial products available safer than these free/shareware ones?
As far as I know, most commercial encryption for the mac is trash.
---
My preferred and soon to be permanent e-mail address: unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55 E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com
participants (5)
- Adam Shostack
- Bill Stewart
- Black Unicorn
- Philip Trauring
- sameer@c2.org