> That actually strikes me as more dangerous: the key is in the memory
> image of Apache-SSL anyway, so if root is gone, you've got to assume the
> key is gone. With this architecture you're also exposing it on another
> machine, and while it is in transit between the two.
The passphrase really is just trivial protection from stupid mistakes, e.g.
if you forget to set appropriate permissions on your SSL private key
directory, and a normal user gets a look at the stuff when they shouldn't.
Ben's right, if root is ever compromised on your server, you have to assume
that every key on that server is compromised, whether you're using
passphrases or not.
There exist hardware devices dedicated to key storage; there exists crypto
software that never permanently reads a key into memory, but gets it every
time from such a device. This kind of expensive, convoluted solution
doesn't really fix anything, it just makes the would-be snooper's job a
little harder. A snooper with root access can STILL get ANYTHING that ever
exists in memory, bit by bit in real time if necessary.
My recomendation for maximum security: don't bother with the passphrases --
they give you a false sense of security and limit reliability. Instead,
severely limit user accounts on the server machine -- root and trusted
operators only. Open only the essential ports on your server (e.g. 80,
443), and conduct any interactive operations via a separate internal network
(different NIC on the server) using SSH with a multi-factor authentication
mechanism. Have ports 80 and 443 on your external network going through
a tight filtering IP-only device. For additional insurance, have a separate
device (e.g. Network Flight Recorder) monitor all traffic and review the
logs periodically for evidence of compromise.
Some subset or combination of the recommendations above may be appropriate
for your installation :-)
- Rob
--
Rob Heittman <rob@worldweb.net>
http://www.worldweb.net -- whois: RH374 -- pgp: pgp.ai.mit.edu