[Opendnssec-develop] getting rid of HSM calls from the communicator
Roy Arends
roy at nominet.org.uk
Thu Sep 10 09:09:24 UTC 2009
Alex Dalitz/Nominet wrote on 09/09/2009 03:12:10 PM:
> > As for opendnssec, we'd need to make sure that automated re-salting
> > is off by default. Preferably ship it with a default salt.
>
> Really?!
>
> Would it not be safer to make the salt randomly generated on a per-
> installation basis?
It is possible, yes. But how does a unique salt per installation prevent
enumeration compared to the same salt per installation?
Kind regards,
Roy Arends
Sr. Researcher
Nominet UK
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opendnssec.org/pipermail/opendnssec-develop/attachments/20090910/e8f778d0/attachment.htm>
More information about the Opendnssec-develop
mailing list