[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: crypto file system - URGENT REQUEST FOR HELP
- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: Re: crypto file system - URGENT REQUEST FOR HELP
- From: HBurde_(_at_)_t-online_(_dot_)_de (me)
- Date: Sat, 26 May 2001 18:09:53 +0100 (WEST)
- Reply-to: me <hburde_(_at_)_t-online_(_dot_)_de>
I would like to see something that is well integrated and not just a hack -
as with most of the crypto stuff today. It should work local and remote (NFS)
and share some usefull feature from 'normal' FS like fsck, repair , dump etc.
Maybe with a /etc/secure_zones Configuration File where you can put Files or
Filesystems that should be encrypted. Maybe programs that work on such FS
should be signed in order to work with the C-FS and so on ...
>Lost in all of this is something very simple, I think:
>A crypto filesystem should be another layer in your "wedding cake" approach
>A crypto fs that allowed you to mount a file or remotely share files would
>be useful for backup. In such a case, you could use an untrusted/less
>trusted host to store your encrypted files.
>Example: I mount a crypto fs remotely with a passphrase that must be typed
>in each time. The local root could access the passphrase (assuming root is
>compromised) but the remote root user would not be able to compromise the
>data. When the machine is turned off, the passphrase goes away; it must be
>typed in. So someone physcially steals the box - unless they keep power
>supplied to it at all times they have nothing...
Dipl. Inform. Holger Burde
URL : http://home.t-online.de/home/hburde (get PGP Key here)