[Full-Disclosure] Re: IRCXpro 1.0 - Clear local and default remote admin passwords
Pablo Solé
pablo_sole at myp.net.ar
Wed Jun 4 19:19:12 BST 2003
> Many programs need a private key for encryption. Possession of this key is usually part if not all of the decision for authentication.
>
> The only relatively safe way of maintaining this key on disk is to encrypt it and require a decryption password from the user when starting the process.
>
> Unfortunately, system admins have a beef with servers that restart and require an operator to input a password to get the services up, especially in production environments.
An example of this is when you run an https server with a signed cert and non-empty passphrase. You need to put the key every time you restart the service.
IMHO, a solution could be some kind of hard-key (EEPROM connected to the parallel port).
pablo.
Full-Disclosure is hosted and sponsored by Secunia.