[H-GEN] Why bother with root when you can take the box?
Benjamin
benjamincarlyle at optusnet.com.au
Fri Sep 12 01:44:39 EDT 2003
[ Humbug *General* list - semi-serious discussions about Humbug and ]
[ Unix-related topics. Posts from non-subscribed addresses will vanish. ]
Trent WADDINGTON wrote:
> On Fri, 12 Sep 2003, Benjamin wrote:
>>with it is far far worse. What you really want is a key that is long
>>compared to the amount of data you're encrypting with it. By encrypting
>>everything you're actually weakening your key.
> Very true, which is one of the reasons why multilevel passwords are a good
> idea. You have a long key to encrypt large amounts of data and then you
> encrypt that long key with a short key that you can remember. Compared to
> the short key, the long key is a small amount of data, so it's more secure
> than if you were to encrypt the large amount of data with the small key.

Perhaps what you really want is a removable device that is at least as
big as the amount of data you want to encrypt. You fill the removable
hard-drive with a real random number sequence. On your hard-drive you
store all your data as an xor of the corresponding bits on your
removable device. Given that you can get 1 gig usb flash media these
days it starts to look like a reasonable way to do your encryption :)

You're always open to someone obtaining root access on your box and
watching you type stuff in or otherwise stealing your key, but if you
could store all of your data as an xor of your random sequence and
someone simply steals your hard-drive there's theoretically no way to
extract the data without your random number sequence[1]. How much data
do you need to be encrypted anyway? If you're administering data
produced by a large number of people you might need something more
scalable, but if you're only encrypting your own data then it might work
well :)

The problem then boils down to the security of your removable
hard-drive. Physical security may be easier to manage than that of your
PC because you can always have it on you. You could reinforce that
security by encrypting the sequence using a multi-level password system.
Of course each key in that multi-level system needs to be physically
secured also. A multi-level password system is only as strong as its
weakest password if someone has access to all the encrypted keys.

Oh, and is this better than just keeping your confidential data
encrypted with a multi-level password system? Probably not :) Ultimately
all of these schemes come down to the question of how many keys do I
need to have at the same time in order to break this system? and how do
I manage the physical security of each key? My feeling is that once you
go past 1) the encrypted data, 2) some key, and 3) some password to
activate the key you're in a process of diminishing returns. It also
looks to me like the multi-level password idea is the only reasonable
one because at each level it minimises the size of the data encrypted
when compared to the size of the key required to access it, which is no
doubt cryptographically safer than a simple password protecting data
that is the same size as that which is encrypted.

I've been interested lately in the idea of using a usb hard-drive to
manage keys for digital signatures, authentication and encryption. I
think it would be cool to be able to plug a usb key-ring into one of the
sockets on my computer at the gdm login and have my computer
automatically detect the insert event, mount the drive, notice that it
contains authentication data, and let me into the system. My biggest
sticking point with all of this is that the computer has physical access
to the keys. I would love to have a USB device that instead of simply
storing data could answer authentication challenges and have an
interface for passing data in and retrieving the encrypted form of the
data back out again. I just don't like the idea of my computer knowing
my password ;)

Anyway, pie in the sky :)

Benjamin

[1] I am not a cryptographer, nor am I a cryptologist :)
--
* This is list (humbug) general handled by majordomo at lists.humbug.org.au .
* Postings to this list are only accepted from subscribed addresses of
* lists 'general' or 'general-post'. See http://www.humbug.org.au/
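
The XOR-against-a-removable-pad scheme described in the post above, as an added Python sketch that is not part of the original message; `PadStore`, `encrypt`, `decrypt` and `reuse_leak` are hypothetical names, and the OS CSPRNG stands in for the post's "real random number sequence". It goes slightly beyond the post by tracking which pad bytes are already spent, because the scheme stays unbreakable only while every pad byte covers one piece of data once.

```python
import secrets

def xor(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("pad chunk and data must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))

class PadStore:
    """Constructed stand-in for the removable device holding the random pad."""
    def __init__(self, size: int):
        self.pad = secrets.token_bytes(size)  # assumption: CSPRNG output as the pad
        self.used = 0                         # high-water mark: bytes below it are spent

    def take(self, n: int):
        """Hand out n fresh pad bytes exactly once."""
        if self.used + n > len(self.pad):
            raise ValueError("pad exhausted: it must cover all data ever written")
        start, self.used = self.used, self.used + n
        return start, self.pad[start:start + n]

    def at(self, start: int, n: int) -> bytes:
        """Re-read pad bytes that were already issued, for decryption."""
        if start + n > self.used:
            raise ValueError("range was never issued")
        return self.pad[start:start + n]

def encrypt(store: PadStore, plaintext: bytes):
    offset, chunk = store.take(len(plaintext))
    return offset, xor(plaintext, chunk)      # what lands on the fixed disk

def decrypt(store: PadStore, offset: int, ciphertext: bytes) -> bytes:
    return xor(ciphertext, store.at(offset, len(ciphertext)))

def reuse_leak(chunk: bytes, old: bytes, new: bytes) -> bytes:
    """Two snapshots of one disk block rewritten under the same pad bytes:
    the pad cancels out and the XOR of the two plaintexts is exposed."""
    return xor(xor(old, chunk), xor(new, chunk))

if __name__ == "__main__":
    store = PadStore(32)                      # constructed sample sizes and data
    off, ct = encrypt(store, b"balance: 100")
    print(decrypt(store, off, ct))
    leak = reuse_leak(store.at(off, 12), b"balance: 100", b"balance: 999")
    print(leak == xor(b"balance: 100", b"balance: 999"))
```

Rewriting a file in place therefore needs fresh pad bytes each time, so the pad has to be sized for everything ever written rather than for the disk's capacity.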