From: Rob Landley <landley@webofficenow.com>
To: John Polyakov <johnpol@2ka.mipt.ru>, Ryan Mack <rmack@mackman.net>
Cc: linux-kernel@vger.kernel.org
Subject: Re: Encrypted Swap
Date: Mon, 6 Aug 2001 19:28:01 -0400
Message-ID: <01080619280108.04153@localhost.localdomain>
In-Reply-To: <Pine.LNX.4.33L2.0108070106390.7542-100000@localhost.localdomain> <Pine.LNX.4.33.0108062239550.5316-100000@mackman.net> <200108070624.f776Ofl21096@www.2ka.mipt.ru>
In-Reply-To: <200108070624.f776Ofl21096@www.2ka.mipt.ru>

On Tuesday 07 August 2001 02:27, John Polyakov wrote:

> Hmmm, let us suppose, that I copy your crypted partition per bit to my
> disk.
> After it I will disassemble your decrypt program and will find a key....

First of all, if the machine has a decent UPS then an administrator can be 
required to manually restart it with a key disk or some such.  Unix boxen 
with battery backups don't go down much for anything short of a hardware 
failure they wouldn't automatically reboot their way past anyway, and if it 
DOES go down you have a choice between availability or security.

But if you DO want automatic reboots of a network connected box (LAN 
perhaps), you could always have a key locally stored on the hard drive that 
is NOT the one to unlock the local filesystem, but instead the key (set of 
keys) required to talk to some server to get the local filesystem's key via 
an encrypted session.  That way if the machine is compromised and this is 
noticed quickly enough (meaning a yank-and-run job won't do it, especially if 
the server's checking in with the client fairly regularly), that machine's 
access to the server can be switched off.  (And that server may be on a LAN 
rather than the internet; you can't move the box too far while you physically 
molest it...)  Of course this just relocates part of your vulnerability (to 
the central keyserver: cue Mark Twain "put all your eggs in one basket and 
WATCH THAT BASKET"), but requiring someone to physically crack TWO boxes to 
get your data (keyserver and encrypted client box) is bound to add a LITTLE 
extra security.  And having the central keyserver allows key rotation...  
Yeah you've got to expect they'll snoop your network traffic somehow, but 
this is the basic problem cryptography was designed to address in the first 
place, and having the key without root on the box doesn't do them too much 
good either...

And in the "central keyserver" plus "clients with USB" case you can have 
somebody manning the keyserver 24/7 and manually checking and approving all 
reboots, which should almost never happen anyway...

> In any case, if anyone has crypted data, he MUST decrypt them.
> And for it he MUST have some key.
> If this is a software key, it MUST NOT be encrypted (it's obvious,
> because in other case, what will decrypt this key?) and anyone, who has
> PHYSICAL access to the machine, can get this key.
> Am I wrong?
> Am I wrong?

I can think of scenarios where "must" doesn't apply here.  I've never 
personally been that paranoid, but the feds pay people to be clinically 
certifiable 24/7.  (Okay, find people who are clinically certifiable and then 
hire them to do something nominally productive with it...)

> RM> -Ryan

Rob
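
The keyserver arrangement described in the message above, sketched as an added example that is not part of the original post or of any kernel code: the client's disk holds only an authentication credential, and the server releases the filesystem key only to a client that answers a fresh challenge, has not been revoked, and has not missed its check-in window. The names `KeyServer`, `client_proof` and `CHECKIN_WINDOW`, and the use of an HMAC challenge-response for authentication, are assumptions; the encrypted session that would carry the released key is not modeled.

```python
import hashlib
import hmac
import os

CHECKIN_WINDOW = 300  # seconds; assumed policy value, not from the post


class KeyServer:
    """Holds each client's filesystem key; clients hold only an auth credential."""

    def __init__(self):
        self.clients = {}  # client_id -> dict(auth, fs_key, last_seen, revoked)
        self.pending = {}  # client_id -> outstanding one-time challenge

    def enroll(self, client_id, now):
        auth, fs_key = os.urandom(32), os.urandom(32)
        self.clients[client_id] = {"auth": auth, "fs_key": fs_key,
                                   "last_seen": now, "revoked": False}
        return auth  # the only secret written to the client's disk

    def challenge(self, client_id):
        self.pending[client_id] = os.urandom(16)
        return self.pending[client_id]

    def check_in(self, client_id, proof, now):
        """Periodic heartbeat; also the gate in front of every key release."""
        rec = self.clients.get(client_id)
        nonce = self.pending.pop(client_id, None)  # each challenge is single use
        if rec is None or nonce is None or rec["revoked"]:
            return False
        expected = hmac.new(rec["auth"], nonce, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, proof):
            return False
        if now - rec["last_seen"] > CHECKIN_WINDOW:
            rec["revoked"] = True  # silent too long: treat the box as removed
            return False
        rec["last_seen"] = now
        return True

    def release_key(self, client_id, proof, now):
        """Return the filesystem key (to be sent over the encrypted session) or None."""
        if self.check_in(client_id, proof, now):
            return self.clients[client_id]["fs_key"]
        return None

    def revoke(self, client_id):
        self.clients[client_id]["revoked"] = True  # operator switches access off


def client_proof(auth, nonce):
    """Client side: prove possession of the stored credential for this challenge."""
    return hmac.new(auth, nonce, hashlib.sha256).digest()
```

A client that trips the check-in window stays locked out until an operator re-enrolls it, which corresponds to the manually approved reboot case in the message.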
