[Samba] [Announce] Samba 4.8.0rc4 Available for Download

Jonathan Hunter jmhunter1 at gmail.com
Thu Mar 1 22:34:35 UTC 2018


Thank you to all the team for the work on this.

On 1 March 2018 at 20:26, Karolin Seeger via samba <samba at lists.samba.org>
wrote:

> [...]
>
> Encrypted secrets
> -----------------
>
> Attributes deemed to be sensitive are now encrypted on disk.
> [...]
> The key file "encrypted_secrets.key" is created in the same directory
> as the database and should NEVER be disclosed.  It is included by the
> samba_backup script.
>

Can I ask (genuine question) - what is the gain from encrypting the
secrets, but also keeping the key in the same directory?

I am all for encrypting data on disk; I'm just not sure what is gained in
this scenario. If an attacker has access to the database file, the same
attacker would also have access to the key, wouldn't they?

Not that I can think of any alternatives, given that the server does of
course need the key itself in order to decrypt and use the database - I
just wanted to understand the thinking behind the feature.

(Also - the notes state that an in-place upgrade won't encrypt the
database... is there a command-line way to trigger an encrypt, should it be
wanted?)

Thanks,

Jonathan

-- 
"If we knew what it was we were doing, it would not be called research,
would it?"
      - Albert Einstein

