rigelreyes

import "time"

# Expect requests to only happen during work days (Monday through Friday)
# 0 for Sunday and 6 for Saturday
workdays = rule {
    time.now.weekday > 0 and time.now.weekday < 6
}

# Expect requests to only happen during work hours (7:00 am - 6:00 pm)
workhours = rule {

rigelreyes

path "db_rsa_key/*" {
  capabilities = ["read", "list"]
}

jessehub

provider "aws"{
  region = "us-east-1"
}

data "aws_ami_ids" "ubuntu18-hvm" {
  owners = ["099720109477"]

  filter {
    name   = "name"
    values = ["ubuntu/images/hvm-ssd/ubuntu-bionic-18.04-amd64-server-*"]

v6

How would Vault's encryption handle attacks from quantum computers?

I've been researching HashiCorp Vault lately, and I really like that it uses strong cryptography for it's core security mechanisms.

https://www.vaultproject.io/docs/internals/security.html#external-threat-overview

I want to learn more about this, because it's interesting to discuss.

And it may end up affecting many security systems that rely on conventional mechanisms of cryptography in the future, as the technology advances and state actors begin to adopt it.

jaelliot

Is Vault resistant to attacks from quantum computers?

I've been researching vault lately, and I really like that it uses strong cryptography for it's core security mechanisms.

I want to learn more about this, because it's interesting to discuss and it may end up affecting many security systems in the future.




Is Vault resistant to attacks from quantum computer? I've been researching vault lately, and I really like that it uses strong cryptography for it's core security mechanisms. But I couldn't help but wonder, just how secure are those implementations? Can someone trick the TLS authentication, or brute force decrypt Vault's secrets with quantum encryption? If they can be brute force attacked, then could vault be rebuilt to resist quantum attacks?

SuperSandeep

# -*- mode: ruby -*-
# vi: set ft=ruby :
 
$script = <<SCRIPT

echo "THIS WILL MAKE A VM WITH 1 CONSUL RUNNING IN SERVER MODE, AND ANOTHER RUNNING IN CLIENT MODE"

echo "Installing dependencies on the new VM created by Vagrant ..."
sudo apt-get update
sudo apt-get install -y unzip curl jq dnsutils

v6

# -*- mode: ruby -*-
# vi: set ft=ruby :
 
echo "THIS WILL MAKE A VM WITH 1 CONSUL RUNNING IN SERVER MODE, AND ANOTHER RUNNING IN CLIENT MODE"

$script = <<SCRIPT
 
echo "Installing dependencies on the new VM created by Vagrant ..."
sudo apt-get update
sudo apt-get install -y unzip curl jq dnsutils

v6

super-duper-vault-train $ls
LICENSE					initpayload.json
PRODUCTION_INSTALLATION.md		instance7_consul_http_token.txt
README.md				instance7_vault_consul_http_token.txt
Vagrantfile				myunseal.sh
Vagrantfile.new				playbooks
account.sh				prereqs.sh
configureconsul.sh			provision_consul
configurevault.sh			provision_vault
consuldownload.sh			vaultdownload.sh

v6

#!/usr/bin/env bash

  ##  Install the latest Vault on a Mac.
  ##  Run this as follows: 
  ##  bash <(curl -s https://gist.githubusercontent.com/v6/d7c1f40a25b5a12a469d76f7efb7733e/raw/59f0f5e4cc3bba4d01ce2c4099f8df0cee72d187/latestvaultosx.sh)

release="$(curl -s https://releases.hashicorp.com/vault/index.json|jq -r '.versions[].version'|grep -v 'beta\|rc' | grep '0.1' | tail -n 1)"
download="https://releases.hashicorp.com/vault/${release}/vault_${release}_darwin_amd64.zip"
echo "Vault Release: ${release}"
echo "Vault Download: ${download}"

v6

openssl pkcs7 -inform DER -print_certs -in azwus-prd-hashi-vault001_prod_azwus_nathantech_com.p7b -out azwus-prd-hashi-vault001_prod_azwus_nathantech_com_stacked.cer