I’m sorry guys, but I can't get into too much more detail. Both Victor
and Ken are correct, and we know those answers. After talking with
our director of development yesterday, I may have convinced him to
seek the help of someone who does crypto implementation for a living.
Basically to have them go over their design and implementation document
and make sure that they are doing sane things!
Thanks everyone for your input!
David Gianndrea
Senior Network Engineer
Comsquared Systems, Inc.
Email: [EMAIL PROTECTED]
Web: www.comsquared.com
Ken Goldman wrote:
What Victor is (correctly) trying to say is that you have not yet
defined the problem.
"encrypting each file" is a possible solution. It is not the problem.
What is your data, what is its value, where does it exist over its
life, who is the attacker, what is the access, what will the attacker
try to do (read the data, write the data, change the data, deny access
to the data, replay old data, detect read or write patterns)?
Sorry Victor, I'm not explaining it very well. Let me try again.
What we need to do is to protect data from the point of view of
ensuring that if the media it is on be that a hard drive, tape, or
optical disk is encrypted. For our system that is best done by
encrypting each file on a file by file basis. Our design team is
looking to use AES-128 in CBC, and a pass phrase protected key.