Re: reiser4 plugins

From: Hubert Chan
Date: Sat Jun 25 2005 - 19:26:56 EST

Next message: Sid Boyce: "Re: Problem compiling 2.6.12"
Previous message: Michał Piotrowski: "[ANNOUNCE] ORT - Oops Reporting Tool v.b3"
In reply to: David Masover: "Re: reiser4 plugins"
Next in thread: David Masover: "Re: reiser4 plugins"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sat, 25 Jun 2005 16:31:37 -0400, Valdis.Kletnieks@xxxxxx said:

[...]

> Meanwhile, PGP was designed to be used in an environment where you
> could do this: "Today's secret plans are AES256 encrypted. The key is
> the next key in your one-time-pad book, XOR'ed with your 128-bit
> secret key - do it in your head". (And yes, you can easily memorize a
> 16-digit hex number and learn to do an XOR with another 16-digit
> number, if failing to do so means you could end up dead).

Huh? I have no idea what this has to do with PGP vs. encryption being
handled by the filesystem/loopback/dm-crypt. What's the difference
between that scenario and "Today's secret plans are stored in the
loopback file foo.iso on an AES256 encrypted ISO. The key is ... "?

Or "Today's secret plans are stored AES256 encrypted in foo.txt. To
access it, you'll need to do {magic command to enter the key into the
filesystem} [1]. The key is ..."?

[1] I have no idea what kind of interface the crypto plugin in Reiser4
will have. I'm assuming that there will be some commands for adding and
removing keys from the plugin. If such commands don't exist, then we
have a seriously broken system.

> This is inconvenient for the user, but intractable for an attacker to
> create a scenario where they can just 'vi /each/decrypted/file' ;)

If you can memorize a 16-digit hex number and do XOR in your head, you
can learn to unmount the loopback/remove the key from the filesystem
too.

Which is definitely easier than remembering to create a temporary RAMFS,
mount it (with the right permissions!), decrypt the secret plans to that
FS, edit the plans, re-encrypt the plans, blow away the RAMFS...

>> won't do it. If security is transparent, just enter a password and
>> go, then more people would do it.

> "Just enter a password and go, then more people would do it".

> Two words: "phishing e-mail".

Social engineering works in meatspace too. Most people have locks on
their doors, even though they're easy to get around if you can pretend
to be from the electrical/gas/water company. But having locks on your
doors is better than not having locks, because it prevents other types
of attacks.

I don't care if phishing gets around encryption. It would work the same
if people didn't have their stuff encrypted. But users with encrypted
stuff are safer from other types of attacks, and no less safe from
phishing.

I'd rather have people encrypting all their stuff and still be
vulnerable to phishing but secure from someone stealing their computer
and fetching all their personal data, than having people not encrypt
their stuff and have all their personal data harvested when they lose
their computers and still be vulnerable to phishing.

P.S. Is the custom on the linux-kernel list really to Cc: everyone and
their dog? I'm seeing a lot of long Cc: lists here...

--
Hubert Chan <hubert@xxxxxxxxx> - http://www.uhoreg.ca/
PGP/GnuPG key: 1024D/124B61FA
Fingerprint: 96C5 012F 5F74 A5F7 1FF7 5291 AF29 C719 124B 61FA
Key available at wwwkeys.pgp.net. Encrypted e-mail preferred.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Sid Boyce: "Re: Problem compiling 2.6.12"
Previous message: Michał Piotrowski: "[ANNOUNCE] ORT - Oops Reporting Tool v.b3"
In reply to: David Masover: "Re: reiser4 plugins"
Next in thread: David Masover: "Re: reiser4 plugins"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]