Key Management

From MgmtWiki
Revision as of 11:11, 11 July 2023 by Tom


Full Title or Meme

Problems

  • The Heartbleed bug shipped on March 14, 2012, and was not publicly discovered for two years. At its core, the issue was not the bug itself, since bugs are inevitable, but the design that left private keys in the user space of the application. 9 years later, key management systems still do this, and worse. They copy keys around in the clear, leaving them in environment variables and in largely un-ACLed files stored in user space. Essentially, we are just one bug away from another Heartbleed-like exposure because the way we manage keys has not fundamentally changed.
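A defender can check a host for the two storage habits named above. The following is an added example, not part of the original wiki page: the function names are hypothetical, and it assumes PEM-encoded keys and POSIX mode bits (it does not inspect extended ACLs).

```python
import os
import re
import stat
import tempfile

# PEM private-key headers: PKCS#8, RSA, EC, OPENSSH, ENCRYPTED.
PEM_KEY = re.compile(r"-----BEGIN (?:[A-Z0-9]+ )*PRIVATE KEY-----")

def audit_env(env):
    """Return names of environment variables whose value holds a PEM private key."""
    return sorted(name for name, value in env.items() if PEM_KEY.search(value))

def audit_key_files(paths):
    """Return (path, issue) for PEM key files accessible beyond their owner."""
    findings = []
    for path in paths:
        try:
            st = os.stat(path)
            with open(path, "r", errors="replace") as fh:
                head = fh.read(4096)
        except OSError:
            continue  # missing or unreadable: nothing to report from here
        if not PEM_KEY.search(head):
            continue  # not a private key file
        mode = stat.S_IMODE(st.st_mode)
        if mode & (stat.S_IRWXG | stat.S_IRWXO):
            findings.append((path, f"mode {mode:04o} grants group/other access"))
    return findings

def demo():
    """Run both checks on constructed sample data (no real key material)."""
    fake = "-----BEGIN PRIVATE KEY-----\nCONSTRUCTED-SAMPLE\n-----END PRIVATE KEY-----\n"
    env = {"PATH": "/usr/bin", "TLS_KEY": fake}  # constructed environment
    with tempfile.TemporaryDirectory() as d:
        loose, tight = os.path.join(d, "loose.pem"), os.path.join(d, "tight.pem")
        for path, mode in ((loose, 0o644), (tight, 0o600)):
            with open(path, "w") as fh:
                fh.write(fake)
            os.chmod(path, mode)
        hits = audit_key_files([loose, tight])
        files = [(os.path.basename(p), issue) for p, issue in hits]
    return audit_env(env), files

if __name__ == "__main__":
    print(demo())
```

To audit a live process environment, pass `dict(os.environ)` to `audit_env`. An owner-only file mode still leaves the key in the application's user space, which is the design problem described above.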

References