[ale] best practices for key management w/encrypted backups

Sid Lane jakes.dad at gmail.com
Wed May 13 09:33:59 EDT 2009


hey,

I have been tasked w/reviewing/testing/etc our processes for managing
encrypted backups & it got me to thinking "what's the right # of keys to
deploy (global master pair?  one per client?  one per application?)?  how
often should they be rotated?  where/how should they be stored?", etc.

my 1st inclination is to write a script to generate a metric 5h1+-ton of key
pairs, burn them onto a bunch of CDs and distribute them to clients for
one-time use but is that thermonuclear overkill?  obviously nobody wants to
end up on /. but on the other hand ending up w/a backup you can't
decrypt/restore is arguably worse (far IMO).

what are the accepted best practices for key management (generation,
rotation, storage, recall, etc) for backups?  any good white papers, books,
blogs, etc?

any info appreciated!