(let's assume we're talking about encryption keys here rather than pass codes though it really makes little difference... and note that your passwords are a slightly different concern)
Is it incompetence to use an old code? No.
For synchronous requests (e.g. those over HTTPS) there's a handshake process you go through every few minutes to agree a new key. Client and server then continue to use this key until it expires, then they agree a new one. If the underlying certificate changes you simply go through the handshake again.
For asynchronous requests things aren't as easy. You could encrypt and queue a request one minute and change the key the next but the message remains on the queue for another hour before it gets processed. In these cases you can either reject the message (usually unacceptable) or try the older key and accept that for a while longer.
Equally, with persistent storage you could change the key every month, but you can't go round decrypting and re-encrypting all historic content and accept the outage this causes every time. Well, not if you've billions of records and an availability SLA of greater than a few percent. So again, you've got to let the old codes work.
You could use full disk/database encryption but that's got other issues - like it's next to useless once the disks are spinning... And besides, when you change the disk password you're not actually changing the key and re-encrypting the data, you're just changing the password used to obtain the key.
So it is ok to accept old codes. For a while at least.
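The queued-message case above, as an added example that is not code from the original post: each message carries the id of the key it was sealed with, and a rotated key is still accepted for a grace period before it is refused. The `KeyRing` class, `GRACE_SECONDS` and the key ids are assumptions, and an HMAC tag stands in for the encryption step so the example runs on the standard library alone; the key-selection logic is the same with a real cipher.

```python
import hashlib
import hmac
import json

GRACE_SECONDS = 2 * 3600  # assumed policy: a rotated key is accepted for two more hours


class KeyRing:
    """Versioned keys: one current key for sealing, older ones accepted for a while."""

    def __init__(self):
        self._keys = {}         # key id -> (key bytes, retired_at or None)
        self.current_id = None

    def rotate(self, key_id, key, now):
        # The outgoing key is marked retired but kept, so queued messages still open.
        if self.current_id is not None:
            old_key, _ = self._keys[self.current_id]
            self._keys[self.current_id] = (old_key, now)
        self._keys[key_id] = (key, None)
        self.current_id = key_id

    def seal(self, body):
        key, _ = self._keys[self.current_id]
        tag = hmac.new(key, body, hashlib.sha256).hexdigest()
        return json.dumps({"kid": self.current_id, "body": body.decode(), "tag": tag})

    def open(self, message, now):
        msg = json.loads(message)
        entry = self._keys.get(msg["kid"])
        if entry is None:
            raise ValueError("unknown key id")
        key, retired_at = entry
        # Old keys work "for a while at least", then stop working.
        if retired_at is not None and now - retired_at > GRACE_SECONDS:
            raise ValueError("key retired beyond grace period")
        body = msg["body"].encode()
        expected = hmac.new(key, body, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected.encode(), str(msg["tag"]).encode()):
            raise ValueError("bad tag")
        return body


# Constructed scenario: message queued at t=0, key rotated at t=60 seconds.
ring = KeyRing()
ring.rotate("k1", b"constructed-key-one", now=0)
queued = ring.seal(b"transfer 10 credits")
ring.rotate("k2", b"constructed-key-two", now=60)
```

Processing `queued` an hour later with `ring.open(queued, now=3660)` succeeds under the old key, while the same call after the grace period raises `ValueError`.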
An empire spread throughout the galaxy isn't going to be able to distribute new codes to every stormtrooper instantaneously. Even if they do have the dark side on their side...