[H-GEN] Why bother with root when you can take the box?
Anthony Towns
aj at azure.humbug.org.au
Tue Sep 16 13:22:42 EDT 2003
On Fri, Sep 12, 2003 at 11:03:20AM +1000, Benjamin wrote:
> >Anthony Towns <aj at azure.humbug.org.au> writes:
> >>How come Linux distros still don't offer encrypted filesystems
> >>standard?
> It does seem like a little bit of a strange concept. Where do you keep
> the key?
On removable media, like a USB keyring, or in your head. Neither is
perfect, but nothing is, and either is better than nothing. It's possible
to salt and hash dictionary words to make them adequately robust and
difficult to attack.
> If the key is short enough for you to remember and type in,
> it's short enough for the bad guys[1] to break. As I understand it a
> short key is bad, but a short key with a whole bunch of data encrypted
> with it is far far worse.
The shortest key possible is the one you're using right now, and you're
encrypting all your data with it. It's little more than a moment's work
for anyone to steal a computer or just a hard drive, and grok through
all your information. There's no need for that to be the case.
Another interesting place to store the key, IMO, is on the network. That
way it's readily available without you having to do anything by
hand (if the power has cut out and your server wants to come back up
automatically), but if someone steals your computer, and tries to pull
it apart and get at the data, they've got no hope.
> What you really want is a key that is long
> compared to the amount of data you're encrypting with it. By encrypting
> everything you're actually weakening your key.
Uh, that's not true, unless you're using a particularly weak cryptosystem.
Your worry for any reasonable cryptosystem is having a keyspace that's
non-uniformly distributed so that the bad guys can guess what key
you're using to a good degree of approximation. There are lots of 160
bit numbers, eg, there are many fewer 160 bit numbers that are the sha1
hash of a dictionary word.
> The question, then, is how do you access the key?
Note that the key only has to be accessible at boot time: after that,
you can just store it in memory and use your regular access controls to
keep it (and the rest of your data) safe. Once you shut down and reboot,
you use the key again. The scenario you're trying to prevent is people
stealing your data physically -- as has happened recently in a couple of
cases with possible national security implications.
> Oh, and as soon as someone gets root access on your machine while you're
> accessing your sensitive data you're gone anyway because they can watch
> what you're typing.
One thing to be careful about when discussing security is to remember
what problem you're trying to solve. No security system is perfect,
and no security system will solve all your problems.
> 2) The filesystem that's encrypted should hold the files you need
> encrypted and no more
That's both based on a flawed assumption, and has bad implications:
it's easy to make mistakes about what information will be useful to an
attacker; that's where things like traffic analysis become vulnerabilities
instead of mere curiosities. It's why governments and militaries mark
everything they possibly can as confidential or secret, even things that
you'd think couldn't pose any threat at all.
> 3) You can't encrypt any/many system files
The system files you use indicate what you use the system for. If I've
got blosxom installed, I'm probably writing a blog, which might be useful
information for you even if you can't find out exactly what I'm writing
in it.
> 4) Your box is never compromised, and is probably one you don't use
> day-to-day.
Huh? The entire point here is protecting otherwise secured systems -- like
laptops and servers in machine rooms -- from physical theft. Protecting
your information against compromise over the network is an entirely
different area, and encrypting your disk isn't going to do anything at
all about that.
Cheers,
aj
--
Anthony Towns <aj at humbug.org.au> <http://azure.humbug.org.au/~aj/>
I don't speak for anyone save myself. GPG signed mail preferred.
Australian DMCA (the Digital Agenda Amendments) Under Review!
-- http://azure.humbug.org.au/~aj/blog/copyright/digitalagenda
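
Added example, not part of the original message: a Python sketch of the points above about non-uniform keyspaces and salting a hashed passphrase. The wordlist is constructed, and PBKDF2-HMAC-SHA256 with the iteration count shown is an assumed choice of salted, iterated hash that the message does not specify.

```python
import hashlib
import math
import os

# Constructed sample wordlist; a real dictionary holds on the order of 10^5 words.
WORDS = ["apple", "bridge", "candle", "dragon", "ember", "falcon", "garden", "harbor"]

def entropy_bits(dictionary_size, words_in_phrase=1):
    """Entropy of a passphrase whose words are picked uniformly at random."""
    return words_in_phrase * math.log2(dictionary_size)

def unsalted_key(word):
    """Bare SHA-1 of a word: 160 bits long, but identical on every disk."""
    return hashlib.sha1(word.encode("utf-8")).digest()

def reachable_keys(words):
    """Distinct keys obtainable from the wordlist: never more than len(words)."""
    return len({unsalted_key(w) for w in words})

def derive_key(passphrase, salt, iterations=200_000):
    """Salted, iterated derivation (assumed: PBKDF2-HMAC-SHA256, 256-bit key)."""
    return hashlib.pbkdf2_hmac(
        "sha256", passphrase.encode("utf-8"), salt, iterations, dklen=32
    )

if __name__ == "__main__":
    # The key is 160 bits wide, yet only len(WORDS) values can ever occur.
    print("reachable unsalted keys:", reachable_keys(WORDS))
    print("one word from 100000:    %.1f bits" % entropy_bits(100_000))
    print("six words from 7776:     %.1f bits" % entropy_bits(7776, 6))

    # A random per-disk salt is stored in the clear next to the ciphertext.
    # The same passphrase then yields unrelated keys on different disks, so
    # work done against one disk does not carry over to another.
    salt_a, salt_b = os.urandom(16), os.urandom(16)
    key_a = derive_key("garden falcon ember", salt_a)
    key_b = derive_key("garden falcon ember", salt_b)
    print("same passphrase, different salts, same key?", key_a == key_b)
```

The salt does not add entropy to a weak passphrase; it removes the shared lookup table, and the iteration count raises the cost of every guess.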