[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]
Re: Musings about on-disk encryption in Fedora Core
- From: "mike flyn org" <mike flyn org>
- To: fedora-devel-list redhat com
- Subject: Re: Musings about on-disk encryption in Fedora Core
- Date: Tue, 06 Jul 2004 09:54:02 -0500
>> If my system password is not unknown to others then my encryption
>> password is probably no good either. I think root has to be trusted in
>> most cases. I would be interested to hear any arguments that "only
>> mount[ing] the encrypted, potentially sensitive stuff when you need it"
>> would be more secure than unmounting encrypted volumes a login time
>> (assuming a strong system authentication token).
> If I have a different password, there is no representation of it on disk
> (like crypt() or MD5 hashes of a login password). There's a reason my
> PGP pass phrase is different from my login password as well ;-). If one
> is compromised, the other isn't.
As I mentioned, I am assuming a strong system authentication token. As you
mention, storing MD5 hashes on disk is not a strong system authentication
token. But I'm sure one could produce a technique for storing passwords on
disk that would be as difficult to decipher as performing a known plain text
attack on your on-disk encrypted data.
I would also argue that if I have access to your account than I eventually
have access to your PGP keys. I can install something in .bash_profile and I
can read your process memory, right?
I suppose that one could argue that all these passphrases and passwords are a
defense in depth technique, but here is a fundamental problem: your system
authentication token says to the system "this is me" and if that is not the
case then all else is eventually doomed.
--
Mike
[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]