[H-GEN] Why bother with root when you can take the box?

Benjamin benjamincarlyle at optusnet.com.au
Thu Sep 11 21:03:20 EDT 2003


[ Humbug *General* list - semi-serious discussions about Humbug and     ]
[ Unix-related topics. Posts from non-subscribed addresses will vanish. ]

Jason Parker-Burlingham wrote:
> Anthony Towns <aj at azure.humbug.org.au> writes:
>>How come Linux distros still don't offer encrypted filesystems
>>standard?
> I can't answer that question, but I can tell you why I don't use an
> encrypted filesystem!  Basically it comes down to being a matter of
> having no need to encrypt *everything* (I realize the example I cut
> out of your quote above is different); instead I will encrypt small
> files to protect passwords for web services and the like.  That way
> lets me manage my encryption on a finely grained basis and I do not
> risk having to recreate all that unencrypted data if something goes
> awry.  The old export restrictions might play a delaying role, too.

It does seem like a little bit of a strange concept. Where do you keep 
the key? If the key is short enough for you to remember and type in, 
it's short enough for the bad guys[1] to break. As I understand it a 
short key is bad, but a short key with a whole bunch of data encrypted 
with it is far far worse. What you really want is a key that is long 
compared to the amount of data you're encrypting with it. By encryping 
everything you're actually weakening your key.

... and if the key is too long to remember it essentially has to be on 
removable media, because storing the key with the data is plain dumb. 
The question, then, is how do you access the key? If you want the bulk 
of your data encrypted then you still at least need the root filesystem 
available unencrypted to be able to mount the usb hard-drive that you 
store it on.

Oh, and as soon as someone gets root access on your machine while you're 
accessing your sensitive data you're gone anyway because they can watch 
what you're typing.

Given all of this, such a filesystem would be reasonable given the 
following security constraints:
1) The key is long and stored on removable media, possibly encrypted 
with a short key to prevent casual reading should it fall into the wrong 
hands
2) The filesystem that's encrypted should hold the files you need 
encrypted and no more
3) You can't encrypt any/many system files
4) Your box is never compromised, and is probably one you don't use 
day-to-day.

Given all of this maybe all you need is an encrypted tar[2] and a 
mechanism to easily browse it. Perhaps a filesystem is still the best 
way to do this. Is there really nothing out there? Maybe it's just that 
Noone who's in the encryption/security field sees this as a feasible 
enough solution to data privacy to be interested in it :) After all, 
it's actually more restrictive than encrypting the individual files. At 
least with the individual files you can choose different keys for each 
if you wanted to.

Benjamin
[1] John Howard, or maybe one of the people who steals his computers
[2] or similar


--
* This is list (humbug) general handled by majordomo at lists.humbug.org.au .
* Postings to this list are only accepted from subscribed addresses of
* lists 'general' or 'general-post'.  See http://www.humbug.org.au/



More information about the General mailing list