in reply to
Re: Re: Re: 'Restricted' data, an additional security mechanism for Perl.
in thread 'Restricted' data, an additional security mechanism for Perl.
Encryption can form part of a secure system, but regardless of how good your encryption is you still need to manage your data safely, and if you don't manage your data safely your encryption becomes irrelevant. Consider that you need to decrypt your data if you are to use it. You now have plain text, in a variable, in memory, which you are going to pass around a few method/function calls. Plus you have your key, as plain text, in a variable, in memory. You're probably going to pass the data to some code that you didn't write. At this point, you wish that you could somehow set a flag on your data to prevent it being written to a file, for instance - even if you audit all the code, including all its dependencies, are you sufficiently sure you didn't miss anything? Security audits are Hard.
Three years ago there was a tax evasion case in Denmark where the police "broke" the encryption on some files on computers they'd seized. Turns out that they didn't break the encryption at all, they retrieved the data and keys from plain text left on the disks.