Chris Hickman and Jon Christensen of Kelsus and Rich Staats of Secret Stache conclude their encryption series by discussing symmetric cryptography and Amazon Web Services (AWS).
Some of the highlights of the show include:
- Quality Control of Voice Assistance: Apple claims only your phone, not Apple or Siri, knows unique IDs to delete recordings
- Encryption Liability: Apple didn’t encrypt, only anonymized, your recordings with Siri
- Can you keep a secret? Symmetric encryption is a single key that encrypts/decrypts data
- Key Management Service (KMS): AWS’ core service involves symmetric encryption to generate and manage cryptographic keys
- Hardware Security Module (HSM): Stores secrets/master key and provides encryption/decryption services
- Pros and Cons of Protocols: Control of authentication and authorization, lower latency, managed device, durable and scalable firmware updates, and unfamiliar to auditors
- Customer Master Key (CMK): KMS hierarchy to manage cryptographic key
- Create Key Passwords: Allow KMS or AWS to generate password, or provide it yourself
- Recommendation: If doing KMS at scale, envelope encryption is a must; primary encryption-decryption involves creating new data key
- How to deal with breaches, compromised keys? Enforce waiting period prior to deleting or rotating master key
Links and Resources
Mobycast’s toll-free voicemail: 844-818-0993
Mobycast’s Email: firstname.lastname@example.org
Rich: In Episode 76 of Mobycast, Jon and Chris finish our series on encryption by digging into AWS’ encryption services. Welcome to Mobycast, a weekly conversation about cloud-native development, AWS, and building distributed systems. Let’s jump right in.
Jon: Welcome, Chris and Rich. It’s another episode of Mobycast.
Chris: Hey, guys. It’s good to be back.
Jon: Yeah, good to have you back. Rich, what have you been up to?
Rich: Looks like we’re going to have our first full time senior developer hire. It’s going to be a promotion from within, but this will be the first actual full time salaried employee. I spent the weekend trying to figure out what the job role would look like, what the expectations would be.
Jon: Mobycast listener I assume?
Rich: No, it’s the developer who’s been with me the longest. It’s just ready for him to take that full-time commitment. It’s more or less me giving the commitment to him, as he’s already proven that he’s ready and willing. It was just really hard for me to come up with what that salary should be, commensurate with where he lives, and also what he’s done.
I spent probably 15 hours this weekend thinking through it, but it was one of the best exercises I’ve done because it also forced me to define all of the different rules that were there but never defined in our company. The outcome is that we’ll have a growth plan for anyone who works for us moving forward, which is pretty sick.
Jon: I’ve been really pleased with the WordPress work especially the back-end parts and pieces that your team at Secret Stache has done. I know that Alex, your new person, is a big part of that. So congratulations, that’s great.
Rich: It’s scary because it’s a huge commitment. But I feel like this is the risks you’re supposed to take in entrepreneurship. This is the right move regardless of whether or not […].
Jon: How about you Chris? What have you been up to?
Chris: Recently I transitioned away from some of the day-to-day client work here at Kelsus. I’ve been working on account for, basically since day one for about 2½ years. That took up a lot of my time, in fact most of my time.