[Opendnssec-develop] getting rid of HSM calls from the communicator

Roy Arends roy at nominet.org.uk
Thu Sep 10 09:09:24 UTC 2009

Alex Dalitz/Nominet wrote on 09/09/2009 03:12:10 PM:

> > As for opendnssec, we'd need to make sure that automated re-salting 
> > is off by default. Preferably ship it with a default salt. 
> Really?! 
> Would it not be safer to make the salt randomly generated on a per-
> installation basis? 

It is possible, yes. But how does a unique salt per installation prevent 
enumeration compared to the same salt per installation?

Kind regards,

Roy Arends
Sr. Researcher
Nominet UK
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opendnssec.org/pipermail/opendnssec-develop/attachments/20090910/e8f778d0/attachment.htm>

More information about the Opendnssec-develop mailing list