davesden

Queries on encryption key protection.


davesden

We are planning to host our database on cloud storage. Hopefully, it would help us cut down on server maintenance and technical support. Before we change, I have to clarify certain doubts, which I hope will be cleared up here.

 

I read about encryption key management issues for cloud storage: https://nci.ca/preventing-key-management-challenges-in-cloud-security/ . They say to use a different SSH keypair. What is the meaning of that? How can the encryption keys be hacked? Is it from the login point or from the cloud server?

 

I would greatly appreciate your help in understanding these terms. Need your advice.

 

Thank you in advance.

ShadowPeo

NOTE: I am trying to dumb this down; it is much more involved than what I may imply here, and the terms used may not be technically correct due to the fact I am trying to make it simple to understand.

 

The site that you referenced mentions utilising a different keypair per machine. The key pair (in this case SSH) is based on the implementation of public-key cryptography/encryption (an asymmetrical encryption method) in which a public and a private key are utilised to authenticate between two clients.

 

Commonly what this does is allow the communications to be employed to encrypt the data transmitted, thus helping to ensure that it's secure. The public key can only be used to encrypt data, which the private side can then decrypt. This variant is implemented in methods such as PGP email encryption, and many other things (SSL certificates for instance), and it is considered secure.

 

In the case of SSH, this method of encryption works through the use of several control messages to authenticate endpoints, depending on how it is implemented.

Hacking an SSH key is not easily done, but this is more a function of the encryption used to generate them. 2048 and 4096 bit keys, which are more common these days, are much harder to crack; 128, 256, 512 and 1024 bit keys are all generally considered compromised due to the fact that, with the increasing power of machines, it is more likely that they can be cracked, not that they necessarily have been. So how then do they get "hacked"? More through social engineering and/or device loss than through anything else. They are in essence a file that sits on a computer: you lose the computer, or someone else gains access to it through another method, and the keys can be compromised.

 

The keys can be compromised from either side; more commonly, however, it is from the client side.
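
An added example, not part of ShadowPeo's post or the linked article: a small Python audit over collected SSH public keys that flags RSA keys below the 2048-bit size mentioned above and any key installed on more than one machine. The host names, the `MIN_RSA_BITS` constant and the sample keys are constructed for illustration.

```python
import base64, struct
from collections import defaultdict
MIN_RSA_BITS = 2048  # assumption: threshold taken from the sizes named in the post

def make_line(n, comment):
    """Build an ssh-rsa public key line from a modulus (sample data only)."""
    s = lambda b: struct.pack(">I", len(b)) + b
    mpint = lambda x: x.to_bytes(x.bit_length() // 8 + 1, "big")
    blob = s(b"ssh-rsa") + s(mpint(65537)) + s(mpint(n))
    return f"ssh-rsa {base64.b64encode(blob).decode()} {comment}"

def read_fields(blob):
    """Split an SSH wire-format blob into its length-prefixed fields."""
    fields, off = [], 0
    while off < len(blob):
        (n,) = struct.unpack_from(">I", blob, off)
        if off + 4 + n > len(blob):
            raise ValueError("truncated key blob")
        fields.append(blob[off + 4:off + 4 + n])
        off += 4 + n
    return fields

def rsa_bits(line):
    """Modulus size in bits for an 'ssh-rsa <base64> <comment>' line, else None."""
    parts = line.split()
    if len(parts) < 2 or parts[0] != "ssh-rsa":
        return None
    fields = read_fields(base64.b64decode(parts[1]))
    if len(fields) != 3 or fields[0] != b"ssh-rsa":
        raise ValueError("not an ssh-rsa key blob")
    return int.from_bytes(fields[2], "big").bit_length()

def audit(keys_by_host):
    """Flag short RSA keys and any key installed on more than one machine."""
    findings, seen = [], defaultdict(list)
    for host, line in keys_by_host.items():
        bits = rsa_bits(line)
        if bits is not None and bits < MIN_RSA_BITS:
            findings.append(f"{host}: RSA key is {bits} bits (< {MIN_RSA_BITS})")
        seen[line.split()[1]].append(host)  # key blob only, comment ignored
    for hosts in seen.values():
        if len(hosts) > 1:
            findings.append("same key on: " + ", ".join(sorted(hosts)))
    return findings

# Constructed sample: numbers of the right size, not real RSA moduli.
SAMPLE = {"laptop": make_line((1 << 1023) | 1, "dave@laptop"),
          "build": make_line((1 << 2047) | 1, "dave@build"),
          "backup": make_line((1 << 2047) | 1, "dave@backup")}
```
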

davesden

Thanks a lot, ShadowPeo. You explained it well. 
