Je hebt een klacht over de onderstaande posting:
Een reactie van een student op een vraag tijdens awareness training: "Wat vinden jullie van ZIVVER, als vervanging voor PGP,S/MIME" -- "Ik ben geen security expert, dus ik doe er maar een gooi naar: 1) ZIVVER stores all the private keys encrypted by symmetrical encryption on their server. Once a user obtains the symmetric key, they have access to all private keys; Unless the private keys are protected by a passphrase an attacker can decrypt all messages on the server. Looking at the chapter: - 8.8 Regrant access to the message history of a user - 8.8 Regrant access to the message history of a user it does not look like the private keys are protected by a passphrase, because it is possible for an admin to decrypt all old private keys with the old derived key, when a user has forgotten his password. After these actions the users can re-access their messages and files sent and received before their password was reset; ZIVVER should use a HSM to store the private key instead of a symmetrical key; ...
Beschrijf je klacht (Optioneel):