Keep your secrets (in a) safe
Dimitri Merejkowsky, February 2017

Me and Tanker

Tanker: powerful end-to-end encryption for cloud services (Dropbox, OneDrive, ...)

Me:
• Part-time Scrum Master
• Buildfarm Guru
• Continuous Integration
• Deployment / Release scripts

Tanker security model

Software stack
• Client backend: C++ (14!) with Botan
• GUI: Qt WebView + HTML, CSS, JavaScript, React
• Server backend: Go
• Scripts: Python3

But we use HTTPS!

HTTPS alone won't save you (especially if you don't check the certificates).
A virus can patch the client to bypass the certificate verification, or even send the data to another server, so we need to make sure the client executables are not compromised.

Application stores to the rescue!

Our client binaries are signed, so as soon as you change something in the executable, the operating system will notice :)
On Linux we can sign with a GPG key, for instance.
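The tamper check that the signed-binaries slide relies on, as an added example that is not Tanker's release tooling: it creates a throw-away GPG signing key, signs a constructed artifact with a detached signature, then flips one byte and verifies again. The key, user id and file name are constructed; it drives the gpg command line through subprocess and returns None when gpg is not installed or cannot generate a key in this environment.

```python
"""Detached-signature release check (added example, constructed key and file)."""
import os
import shutil
import subprocess
import tempfile


def _gpg(home, *args, check=True):
    """Run gpg against an isolated, throw-away keyring directory."""
    cmd = ["gpg", "--batch", "--yes", "--homedir", home, *args]
    return subprocess.run(cmd, capture_output=True, text=True,
                          check=check, timeout=120)


def sign_artifact(home, path, uid):
    """Write a detached signature next to the artifact and return its path."""
    sig = path + ".sig"
    _gpg(home, "--local-user", uid, "--output", sig, "--detach-sign", path)
    return sig


def verify_artifact(home, path, sig):
    """True only if the signature matches the artifact's current bytes.

    The exit status of `gpg --verify` is what an installer or package
    manager checks: a BAD signature gives a non-zero status.
    """
    return _gpg(home, "--verify", sig, path, check=False).returncode == 0


def release_check_demo():
    """Sign a constructed 'binary', verify, patch one byte, verify again.

    Returns (verified_before, verified_after_tamper), or None if gpg is
    unavailable so the demo cannot run here.
    """
    if shutil.which("gpg") is None:
        return None
    uid = "Constructed Release Key <release@example.invalid>"
    try:
        with tempfile.TemporaryDirectory() as tmp:
            home = os.path.join(tmp, "keyring")
            os.mkdir(home, 0o700)  # gpg warns on group/world-readable homedirs
            # passphrase-less key so no pinentry prompt is needed in batch mode
            _gpg(home, "--pinentry-mode", "loopback", "--passphrase", "",
                 "--quick-generate-key", uid, "default", "sign", "never")
            binary = os.path.join(tmp, "tanker-client.bin")
            with open(binary, "wb") as f:
                f.write(b"\x7fELF constructed client executable\n")
            sig = sign_artifact(home, binary, uid)
            before = verify_artifact(home, binary, sig)
            # a "patched" client: a single changed byte is enough to notice
            with open(binary, "r+b") as f:
                f.seek(5)
                f.write(b"X")
            after = verify_artifact(home, binary, sig)
            return before, after
    except (subprocess.CalledProcessError, subprocess.TimeoutExpired, OSError):
        return None


if __name__ == "__main__":
    print(release_check_demo())  # (True, False) where gpg works
```

The check only protects users whose installer, package manager or OS actually runs the verification and trusts the right key; a signature nobody checks detects nothing.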
Tanker secrets

We have a few secrets to keep safe here at Tanker:
• Signing keys for Windows and Mac (this is required when you have an “official” Dropbox application such as ours)
• Private SSH keys (stored on a USB drive)
• ...

The Hardware Security Module and the Air Gap

Lots of fancy words for a very simple idea: the hardware that contains the “secret” files (aka the HSM) is never connected to any network.
And so, we put the HSM in a safe (a real one!). The safe has a key and a password.

Open or closed?

When everyone has left the office, should the safe be opened or closed?

Open or closed?

During office hours, should the safe be opened or closed?

What happens when the safe is always closed
• You have to type the password and use the key over and over again
• You might forget to put stuff back in when you leave the office

What happens when the safe is opened during office hours
• You only have to enter the password once per day (by the way, this is how sudo and ssh-agent work)
• You are less likely to forget to close it when you leave
• You see the contents of the safe, so you are less likely to leave secrets outside, unprotected

One last hack
• The key to the office door is placed right in front of the safe’s door
• Same thing: you are less likely to forget to close the door when you leave
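The sudo/ssh-agent mechanism that the two “open or closed” slides compare, as an added example that is not from the talk: a password-protected safe that stays open for a session, relocks on timeout or when the last person leaves, and counts how often someone had to type the password under each policy. The password, secret names and the clock are constructed.

```python
"""Credential cache with a timeout, modelling the 'open during office hours' safe."""
import hashlib
import hmac
import os
import time


class FakeClock:
    # controllable clock so a whole office day can be simulated offline
    def __init__(self):
        self.now = 0.0

    def __call__(self):
        return self.now

    def advance(self, seconds):
        self.now += seconds


class Safe:
    """Secrets readable only while unlocked; relocks after session_seconds.

    session_seconds = 0 models 'always closed' (password and key for every
    access); 8 hours models 'open during office hours'. lock() is what you
    do when leaving the office. The password itself is never stored.
    """
    def __init__(self, password, secrets, session_seconds, clock=time.monotonic):
        self._salt = os.urandom(16)
        self._pw_hash = self._derive(password)
        self._secrets = dict(secrets)
        self.session_seconds = session_seconds
        self._clock = clock
        self._unlocked_until = 0.0
        self.password_prompts = 0  # how often a human had to type the password
        self.audit = []            # (event, detail, time): who opened what, when

    def _derive(self, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt, 100_000)

    def is_open(self):
        return self._clock() < self._unlocked_until

    def unlock(self, password):
        self.password_prompts += 1
        if not hmac.compare_digest(self._derive(password), self._pw_hash):
            self.audit.append(("unlock-failed", None, self._clock()))
            raise PermissionError("wrong password")
        self._unlocked_until = self._clock() + self.session_seconds
        self.audit.append(("unlock", None, self._clock()))

    def lock(self):
        self._unlocked_until = 0.0
        self.audit.append(("lock", None, self._clock()))

    def get(self, name, password=None):
        # the password is only asked for when the safe is closed (like sudo's timestamp)
        if not self.is_open():
            if password is None:
                raise PermissionError("safe is closed, password needed")
            self.unlock(password)
        self.audit.append(("get", name, self._clock()))
        return self._secrets[name]


def simulate_workday(session_seconds, accesses=5):
    """One office day, one access per hour; returns how many times the password was typed."""
    clock = FakeClock()
    safe = Safe("correct horse", {"win-signing-key": b"constructed-key-bytes"},
                session_seconds, clock)
    for _ in range(accesses):
        safe.get("win-signing-key", password="correct horse")
        clock.advance(3600)
    safe.lock()  # everyone leaves: close the safe
    return safe.password_prompts


def expired_session_is_closed(session_seconds=8 * 3600):
    """Past the timeout, reading without the password is refused again."""
    clock = FakeClock()
    safe = Safe("correct horse", {"ssh-key": b"constructed"}, session_seconds, clock)
    safe.unlock("correct horse")
    clock.advance(session_seconds + 1)
    try:
        safe.get("ssh-key")
    except PermissionError:
        return True
    return False
```

With session_seconds=0 every access costs a password prompt, with an 8-hour session it costs one, and the audit list records each open, read and close for later review.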
Parting words

We’re hiring!
https://app.tanker.io/rabbit/
https://www.linkedin.com/company/tankerapp
Follow us on Twitter: @Tanker_Security