RESET Forums (homeservershow.com)

Queries on encryption key protection.



We are planning to host our database on cloud storage. Hopefully, it would help us cut down on server maintenance and technical support. Before we change, I have to clarify certain doubts, which I hope will be cleared up here.


I read about encryption key management issues for cloud storage: https://nci.ca/preventing-key-management-challenges-in-cloud-security/. They say to use a different SSH keypair. What is the meaning of that? How can the encryption keys be hacked? Is it from the login point or from the cloud server?


I would greatly appreciate your help in understanding these terms. Need your advice.


Thank you in advance.


NOTE: I am trying to dumb this down. It is much more involved than what I may imply here, and the terms used may not be technically correct due to the fact I am trying to make it simple to understand.


The site that you reference talks about utilising a different keypair per machine. The key pair (in this case SSH) is based on the implementation of public-key cryptography/encryption (an asymmetrical encryption method) in which a public and a private key are utilised to authenticate between two clients.


Commonly what this does is allow the communications to be employed to encrypt the data transmitted, thus ensuring that it's secure. The public key can only be used to encrypt data that the private side can then decrypt. This variant is implemented in methods such as PGP email encryption, and many other things (SSL certificates for instance), and it is considered secure.


In the case of SSH, this method of encryption is used through several control messages to authenticate endpoints, depending on how it is implemented.

Hacking an SSH key is not easily done, but this is more a function of the encryption used to generate them. 2048 and 4096 bit keys, which are more common these days, are much harder to crack. 128, 256, 512 and 1024 bit keys are all generally considered compromised due to the fact that with the increasing power of machines, it is more likely that they can be cracked, not that they necessarily have been. So how then do they get "hacked"? More through social engineering and/or device loss than through anything else. They are in essence a file that sits on a computer: you lose the computer, or someone else gains access to it through another method, and the keys can be compromised.


The keys can be compromised from either side; more commonly, however, it is from the client side.
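
An added example, not part of the reply above or of the linked article: a small audit that takes the public key (`.pub`) lines collected from each client machine and reports RSA keys under 2048 bits and any keypair that turns up on more than one machine. It assumes lines in plain `type base64 comment` form; the machine names and keys in `SAMPLE` are constructed dummies, not usable keys.

```python
import base64, hashlib, struct
from collections import defaultdict

MIN_RSA_BITS = 2048  # smallest size the reply above treats as current

def read_field(blob, off):
    """Read one length-prefixed field (uint32 big-endian length, then data)."""
    (n,) = struct.unpack_from(">I", blob, off)
    if off + 4 + n > len(blob):
        raise ValueError("truncated key blob")
    return blob[off + 4:off + 4 + n], off + 4 + n

def inspect(pub_line):
    """Return (fingerprint, rsa_bits or None) for a 'type base64 comment' line."""
    blob = base64.b64decode(pub_line.split()[1], validate=True)
    fp = "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    ktype, off = read_field(blob, 0)
    if ktype != b"ssh-rsa":
        return fp, None          # key size check below only applies to RSA
    _e, off = read_field(blob, off)   # public exponent
    n, _ = read_field(blob, off)      # modulus
    return fp, int.from_bytes(n, "big").bit_length()

def audit(pubs_by_machine):
    """Return (weak, shared): undersized RSA keys, and keys present on >1 machine."""
    weak, where = [], defaultdict(set)
    for machine, lines in pubs_by_machine.items():
        for line in lines:
            fp, bits = inspect(line)
            where[fp].add(machine)
            if bits is not None and bits < MIN_RSA_BITS:
                weak.append((machine, bits))
    shared = {fp: sorted(m) for fp, m in where.items() if len(m) > 1}
    return weak, shared

def sample_pub(bits, comment):
    """CONSTRUCTED ssh-rsa line with a dummy modulus; not a usable key."""
    pack = lambda b: struct.pack(">I", len(b)) + b
    n = ((1 << (bits - 1)) | 1).to_bytes(bits // 8 + 1, "big")
    blob = pack(b"ssh-rsa") + pack(b"\x01\x00\x01") + pack(n)
    return f"ssh-rsa {base64.b64encode(blob).decode()} {comment}"

SAMPLE = {  # constructed inventory: .pub files gathered from three client machines
    "laptop": [sample_pub(4096, "alice@laptop")],
    "desktop": [sample_pub(4096, "alice@laptop"), sample_pub(1024, "old@desktop")],
    "build-box": [sample_pub(2048, "ci@build-box")],
}

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A key listed under `shared` means the same private key file exists on several machines, so losing any one of them exposes the access of all of them.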
