[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: crypto file system - URGENT REQUEST FOR HELP


I would like to see something that is well integrated and not just a hack - 
as with most of the crypto stuff today. It should work local and remote (NFS)
and share some usefull feature from 'normal' FS like fsck, repair , dump etc.
Maybe with a /etc/secure_zones Configuration File where you can put Files or 
Filesystems that should be encrypted. Maybe programs that work on such FS 
should be signed in order to work with the C-FS and so on ...

>Lost in all of this is something very simple, I think:
>A crypto filesystem should be another layer in your "wedding cake" approach
>to security.
>A crypto fs that allowed you to mount a file or remotely share files would
>be useful for backup.  In such a case, you could use an untrusted/less
>trusted host to store your encrypted files.  
>Example: I mount a crypto fs remotely with a passphrase that must be typed
>in each time.  The local root could access the passphrase (assuming root is
>compromised) but the remote root user would not be able to compromise the
>data.  When the machine is turned off, the passphrase goes away; it must be
>typed in.  So someone physcially steals the box - unless they keep power
>supplied to it at all times they have nothing...

Dipl. Inform. Holger Burde 
URL : http://home.t-online.de/home/hburde (get PGP Key here)

Visit your host, monkey.org