Re: signing a filesystem

Andrew G. Morgan (
Thu, 2 Jan 1997 11:46:13 -0800 (PST)

Daniel A. Taylor wrote:
> > > Encryption works better, because if your attacker cannot read the
> >
> > But addresses a different concern. It would also be (legally) difficult to
> > such data is "correct".
> Encryption addresses the proper concern. An encrypted file
> cannot be modified without decrypting it first. Any attempt
> to modify it in it's encrypted state is likely to render the
> file useless rather than simply changing the data by making
> it impossible to decrypt. Therefore, if you are running on
> an encrypted file system, any attempt to modify the files or
> filesystem meta-data from outside the avenues provided by
> the OS will result in filesystem corruption. If file system
> integrity *OR* security is important enough to care, it is
> better to have to do a full filesystem restore if either is
> suspect than risk the loss of either.

This is not a flame. Don't get me wrong, encryption is marvelous. Use it if
and where you can. But what if you can't? (Cross your fingers?)



               Linux-PAM, libpwdb, Orange-Linux and Linux-GSS
       [ For those that prefer FTP  --- ]