[H-GEN] Why bother with root when you can take the box?
Benjamin
benjamincarlyle at optusnet.com.au
Thu Sep 11 21:03:20 EDT 2003
[ Humbug *General* list - semi-serious discussions about Humbug and ]
[ Unix-related topics. Posts from non-subscribed addresses will vanish. ]
Jason Parker-Burlingham wrote:
> Anthony Towns <aj at azure.humbug.org.au> writes:
>>How come Linux distros still don't offer encrypted filesystems
>>standard?
> I can't answer that question, but I can tell you why I don't use an
> encrypted filesystem! Basically it comes down to being a matter of
> having no need to encrypt *everything* (I realize the example I cut
> out of your quote above is different); instead I will encrypt small
> files to protect passwords for web services and the like. That way
> lets me manage my encryption on a finely grained basis and I do not
> risk having to recreate all that unencrypted data if something goes
> awry. The old export restrictions might play a delaying role, too.
It does seem like a little bit of a strange concept. Where do you keep
the key? If the key is short enough for you to remember and type in,
it's short enough for the bad guys[1] to break. As I understand it a
short key is bad, but a short key with a whole bunch of data encrypted
with it is far far worse. What you really want is a key that is long
compared to the amount of data you're encrypting with it. By encryping
everything you're actually weakening your key.
... and if the key is too long to remember it essentially has to be on
removable media, because storing the key with the data is plain dumb.
The question, then, is how do you access the key? If you want the bulk
of your data encrypted then you still at least need the root filesystem
available unencrypted to be able to mount the usb hard-drive that you
store it on.
Oh, and as soon as someone gets root access on your machine while you're
accessing your sensitive data you're gone anyway because they can watch
what you're typing.
Given all of this, such a filesystem would be reasonable given the
following security constraints:
1) The key is long and stored on removable media, possibly encrypted
with a short key to prevent casual reading should it fall into the wrong
hands
2) The filesystem that's encrypted should hold the files you need
encrypted and no more
3) You can't encrypt any/many system files
4) Your box is never compromised, and is probably one you don't use
day-to-day.
Given all of this maybe all you need is an encrypted tar[2] and a
mechanism to easily browse it. Perhaps a filesystem is still the best
way to do this. Is there really nothing out there? Maybe it's just that
Noone who's in the encryption/security field sees this as a feasible
enough solution to data privacy to be interested in it :) After all,
it's actually more restrictive than encrypting the individual files. At
least with the individual files you can choose different keys for each
if you wanted to.
Benjamin
[1] John Howard, or maybe one of the people who steals his computers
[2] or similar
--
* This is list (humbug) general handled by majordomo at lists.humbug.org.au .
* Postings to this list are only accepted from subscribed addresses of
* lists 'general' or 'general-post'. See http://www.humbug.org.au/
More information about the General
mailing list