Re: signing a filesystem

Andrew G. Morgan (morgan@parc.power.net)
Thu, 2 Jan 1997 11:46:13 -0800 (PST)


Daniel A. Taylor wrote:
> > > Encryption works better, because if your attacker cannot read the
> >
> > But addresses a different concern. It would also be (legally) difficult to
...
> > such data is "correct".
>
> Encryption addresses the proper concern. An encrypted file
> cannot be modified without decrypting it first. Any attempt
> to modify it in its encrypted state is likely to render the
> file useless rather than simply changing the data by making
> it impossible to decrypt. Therefore, if you are running on
> an encrypted file system, any attempt to modify the files or
> filesystem meta-data from outside the avenues provided by
> the OS will result in filesystem corruption. If file system
> integrity *OR* security is important enough to care, it is
> better to have to do a full filesystem restore if either is
> suspect than risk the loss of either.

This is not a flame. Don't get me wrong, encryption is marvelous. Use it if
and where you can. But what if you can't? (Cross your fingers?)

Regards

Andrew

-- 
               Linux-PAM, libpwdb, Orange-Linux and Linux-GSS
                  http://parc.power.net/morgan/index.html
       [ For those that prefer FTP  ---  ftp://ftp.lalug.org/morgan ]
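
The thread turns on whether encryption alone also gives integrity. The sketch below is an added example, not code from either poster: it uses a toy XOR stream cipher built from SHA-256 (an assumption standing in for any stream-style mode; the keys and the sample record are constructed) to show that a ciphertext edit can decrypt to a clean, different plaintext, while a keyed signature (HMAC) over the stored bytes detects the change.

```python
import hashlib
import hmac


def keystream(key: bytes, n: int) -> bytes:
    """Toy keystream: SHA-256 in counter mode. Illustration only, not a vetted cipher."""
    out = b""
    ctr = 0
    while len(out) < n:
        out += hashlib.sha256(key + ctr.to_bytes(8, "big")).digest()
        ctr += 1
    return out[:n]


def xor_crypt(key: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt (same operation) by XOR with the keystream."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))


def sign(mac_key: bytes, stored: bytes) -> bytes:
    """Keyed signature over the bytes as stored on disk."""
    return hmac.new(mac_key, stored, hashlib.sha256).digest()


def verify(mac_key: bytes, stored: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(sign(mac_key, stored), tag)


def edit_without_key(stored: bytes, offset: int, old: bytes, new: bytes) -> bytes:
    """Change stored ciphertext with no key, given the old plaintext at offset."""
    patched = bytearray(stored)
    for i, (o, n) in enumerate(zip(old, new)):
        patched[offset + i] ^= o ^ n
    return bytes(patched)


def demo():
    enc_key = b"constructed-enc-key"   # constructed sample keys
    mac_key = b"constructed-mac-key"
    record = b"balance=0100;owner=alice"  # constructed sample record
    stored = xor_crypt(enc_key, record)
    tag = sign(mac_key, stored)
    changed = edit_without_key(stored, 8, b"0100", b"9100")
    # Decryption of the edited ciphertext succeeds and yields altered data;
    # only the signature check notices that the stored bytes changed.
    return xor_crypt(enc_key, changed), verify(mac_key, stored, tag), verify(mac_key, changed, tag)


if __name__ == "__main__":
    print(demo())
```

Block modes behave differently (an edit garbles at least one block), but garbled output is still not a verified integrity failure; the signature check is what reports the modification.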