Given enough time, attackers can discover passwords, either by exploiting some system vulnerability or through the process of a brute-force guessing attack. Our only defense is to regularly change passwords, hopefully before anyone has a chance to discover the current one. Therefore, an important featu...
Furthermore, although we are concentrating on the security of data as it moves through the network—that is, the data is sometimes vulnerable for only a short period of time—in general, security people have to consider the vulnerability of data that needs to be stored in archives for tens ...
The function create_dkek_share() assigns the sensitive 256-bit DKEK plaintext key share produced by the HSM's random generator to the dkek_share[32] variable on the stack. The plaintext key share is then AES-256-encrypted with the custodian's password and the encrypted key share is temporarily store...