<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
How about encrypt the whole hard drive? <br>
<br>
If I built a server and give to other people, there is no easy way
to stop them reset the root password or just mount my drive to read
everything on it. But if build an encrypt OS then it will be
secure. My question here are: <1>Is this against Asterisk
GPL? <2>How about the performance on such a system? <br>
<br>
<div class="moz-signature"><b>Jian</b></div>
<br>
On 11-02-15 04:50 AM, Tzafrir Cohen wrote:
<blockquote cite="mid:20110215125034.GO10677@xorcom.com" type="cite">
<pre wrap="">On Tue, Feb 15, 2011 at 07:18:08AM -0500, Richard Kenner wrote:
</pre>
<blockquote type="cite">
<blockquote type="cite">
<pre wrap="">Anyway, the answer is: No, it's mathematically impossible to do
that. Even if the passwords were stored encrypted, Asterisk itself
has to be able to get the plaintext passwords to send to the remote
server; so the code to decrypt them must necessarily be located on
the machine. And the Source Code to Asterisk is readily available,
which is how come you were able to benefit from it, so it would be
trivial to extract the passwords in any case.
</pre>
</blockquote>
<pre wrap="">
But there IS a way to improve things, and it's what Cisco routers do.
You can have all password stored in config file encrypted with a
single master key. That key is stored in a special file, containing
just that key. THAT file must then be heavily-protected, but all
OTHER config files can now be placed into CM or anywhere else they
might be needed.
</pre>
</blockquote>
<pre wrap="">
Right. But it really won't help much (except complicating things) if the
user has decent access to Asterisk.
</pre>
</blockquote>
</body>
</html>