Keep your secrets (in a) safe
Dimitri Merejkowsky, February 2017

Me and Tanker

Tanker: powerful end-to-end encryption for cloud services
(Dropbox, OneDrive, ...)

Me:
- Part-time Scrum Master
- Buildfarm Guru
- Continuous Integration
- Deployment / Release scripts

Tanker security model

Software stack
- Client backend: C++ (14!) with Botan
- GUI: Qt WebView + HTML, CSS, JavaScript, React
- Server backend: Go
- Scripts: Python3

But we use HTTPS!

HTTPS alone won’t save you (especially if you don’t
check the certificates).

A virus can patch the client to bypass the certificate
verification, or even send the data to another server,
so we need to make sure the client executables are not
compromised.
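The point of the slide above in code, as an added example that is not from the talk: the weak TLS client setting beside the corrected one, plus a guard a release script or test suite can run so that a client which silently stops checking certificates never ships. Python 3 standard library only, no network access; the optional cafile argument is an assumption (the CA that issued your own server certificate).

```python
"""Weak vs. hardened TLS client configuration, and a guard that spots the weak one."""
import ssl
from typing import List, Optional


def insecure_context() -> ssl.SSLContext:
    """The weak setting: the connection is encrypted, but ANY certificate is
    accepted, so a server impersonating ours goes unnoticed."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # has to be turned off before verify_mode
    ctx.verify_mode = ssl.CERT_NONE  # accept any certificate: MITM goes unnoticed
    return ctx


def hardened_context(cafile: Optional[str] = None) -> ssl.SSLContext:
    """The corrected setting: chain and hostname are verified.

    With cafile=None the system trust store is used. Passing the PEM file of
    the CA that issued our own server certificate (assumption: you have one)
    narrows trust to that CA alone, so a compromised public CA cannot issue a
    certificate the client would accept.
    """
    ctx = ssl.create_default_context(cafile=cafile)  # CERT_REQUIRED + check_hostname
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def verification_problems(ctx: ssl.SSLContext) -> List[str]:
    """Return the reasons a context does NOT actually check the server.

    Empty list means the context verifies the certificate chain, the hostname
    and refuses obsolete protocol versions. Run this over every context the
    client builds (in tests or the release script) and fail the build if any
    list is non-empty.
    """
    problems = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        problems.append("verify_mode is not CERT_REQUIRED: any certificate is accepted")
    if not ctx.check_hostname:
        problems.append("check_hostname is off: a valid certificate for another host is accepted")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        problems.append("minimum_version is below TLS 1.2")
    return problems


if __name__ == "__main__":
    for name, ctx in (("insecure", insecure_context()), ("hardened", hardened_context())):
        print(name, verification_problems(ctx) or "OK")
```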
Application stores to the rescue!

Our client binaries are signed, so as soon as you change
something in the executable, the operating system will
notice :)

On Linux we can sign with a GPG key, for instance.
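The Linux signing step from the slide above, as an added example that is not Tanker's own release script: a Python 3 wrapper around GnuPG that produces a detached signature on the machine holding the secret key and verifies it (and detects a patched binary) wherever the public key is available. It assumes gpg 2.1+ is installed; the key user id, temporary directories and the sample "binary" are constructed for the demo.

```python
"""Detached GPG signing and verification of a release artifact (gpg 2.1+ assumed)."""
import shutil
import subprocess
import tempfile
from pathlib import Path


def _gpg(homedir: Path, *args: str) -> subprocess.CompletedProcess:
    """Run gpg non-interactively against an isolated keyring directory."""
    cmd = ["gpg", "--batch", "--homedir", str(homedir),
           "--pinentry-mode", "loopback", *args]
    return subprocess.run(cmd, capture_output=True, text=True, check=False)


def generate_signing_key(homedir: Path, uid: str) -> None:
    """Create a sign-only Ed25519 key with an empty passphrase.

    Demo only: the real release key has a passphrase and lives on the
    air-gapped machine; only its public part leaves that machine.
    """
    res = _gpg(homedir, "--passphrase", "", "--quick-generate-key",
               uid, "ed25519", "sign", "never")
    if res.returncode != 0:
        raise RuntimeError(res.stderr)


def sign_artifact(homedir: Path, uid: str, artifact: Path) -> Path:
    """Write a detached signature next to the artifact and return its path."""
    sig = artifact.with_suffix(artifact.suffix + ".sig")
    res = _gpg(homedir, "--passphrase", "", "--local-user", uid,
               "--output", str(sig), "--detach-sign", str(artifact))
    if res.returncode != 0:
        raise RuntimeError(res.stderr)
    return sig


def verify_artifact(homedir: Path, artifact: Path, sig: Path) -> bool:
    """True only if gpg reports a GOODSIG from a key present in this keyring.

    A patched binary, a truncated download, or a signature made with another
    key all return False; that is the check to run before installing/deploying.
    """
    res = _gpg(homedir, "--status-fd", "1", "--verify", str(sig), str(artifact))
    return res.returncode == 0 and "[GNUPG:] GOODSIG" in res.stdout


def demo() -> tuple:
    """Sign a constructed artifact, verify it, patch one byte, verify again."""
    if shutil.which("gpg") is None:
        raise RuntimeError("gpg is not installed")
    with tempfile.TemporaryDirectory(prefix="gpg-demo-") as tmp:
        home = Path(tmp) / "gnupghome"
        home.mkdir(mode=0o700)
        artifact = Path(tmp) / "client-binary"
        artifact.write_bytes(b"\x7fELF constructed sample binary\n")  # constructed
        uid = "Release signing key (example) <release@example.invalid>"
        try:
            generate_signing_key(home, uid)
            sig = sign_artifact(home, uid, artifact)
            untouched_ok = verify_artifact(home, artifact, sig)
            # Simulate the "virus patches the client" case from the talk.
            artifact.write_bytes(artifact.read_bytes() + b"patched")
            patched_ok = verify_artifact(home, artifact, sig)
        finally:
            # Stop the agent gpg started for this temporary home directory.
            subprocess.run(["gpgconf", "--homedir", str(home), "--kill", "gpg-agent"],
                           capture_output=True, check=False)
    return untouched_ok, patched_ok


if __name__ == "__main__":
    print("untouched verifies, patched verifies:", demo())
```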
Tanker secrets

We have a few secrets to keep safe here at Tanker.
- Signing keys for Windows and Mac
  (This is required when you have an “official” Dropbox application such as ours)
- Private SSH keys (stored on a USB drive)
- ...

The Hardware Security Module and the Air Gap

Lots of fancy words for a very simple idea:
the hardware that contains the “secret” files (aka the HSM)
is never connected to any network.

And so, we put the HSM in a safe (a real one!).
The safe has a key and a password.

Open or closed?

When everyone has left the office, should the safe be
opened or closed?

Open or closed?

During office hours, should the safe be opened or closed?

What happens when the safe is always closed
- You have to type the password and use the key over and over again
- You might forget to put stuff back in when you leave the office

What happens when the safe is opened during office hours
- You only have to enter the password once per day
  (By the way, this is how sudo and ssh-agent work)
- You are less likely to forget to close it when you leave
- You see the contents of the safe, so you are less likely to leave secrets outside, unprotected

One last hack
- The key to the office door is placed right in front of the safe’s door
- Same thing: you are less likely to forget to close the door when you leave

Parting words

We’re hiring!
https://app.tanker.io/rabbit/
https://www.linkedin.com/company/tankerapp
Follow us on twitter: @Tanker_Security