Re: Crypto filesystems
Mike

Probing questions. I must confess I haven't really thought this through
in any depth, although some scenario features do jump immediately to
mind. For example, it's one thing to have one or more encrypted
filesystems on a single-user workstation. It's quite another to support
multiple users' encrypted files and filesystems on a multi-user system
like a file server.

In a multi-user scenario I would expect an encryption environment that
not only cloaks my active presence, but also my immediate activity in
terms of the existence and size of individual files, the total number of
my files, total filespace occupied, and so on. Static forensics plus
opsec.

This is an obvious challenge for the military and especially the
intelligence "community", and for anyone else desiring absolute privacy.
In the extreme, not even sysadmins have a need to know. So when a
cryptofilesystem is selected, it must be manageable as a single binary
large object. That's how it must be created, backed up, restored, and
fsck'd as though it was so much random noise. Otherwise it's not a true
cryptofilesystem, right? And probably not something for a multi-boot
system.

Its characteristics should be something like this: huge (SAN?) so that
an individual user's filespace is dwarfed in the overall magnitude of
things, unmanaged in the sense that even sysadmins have very little
visibility into its inner workings, and protected I/O channels so that
sniffing cannot be employed. From a programming standpoint, a user
should only present his bona fides, a unique session key, and some set
of location coordinates (which I've not had time to think through) to
inject/extract information into or out of such a cryptofilesystem.

This ain't gonna be (1) easy or (2) efficient. But those factors don't
matter much in this context, do they?

--Doc

On Tue, 2003-01-28 at 20:39, mike808@users.sourceforge.net wrote:
> I'm running a multi-boot system and checking out differences in filesystem
> support.
> 
> So far, SuSE, RH, and MDK agree on my LVM setup.
> Mandrake hardcodes the filesystem types in /etc/fstab, so when you install
> other OSes that reformat a partition to ReiserFS from ext2 or ext3, it
> gets upset.
> 
> As for crypto filesystem support, SuSE has it as part of the install.
> Very nice. Although, you only get a boot-time choice to mount it, not
> per-user. It's in its own /etc/cryptofstab and some nice start/stop wrappers
> in /etc/init.d. It uses blowfish encryption, btw.
> 
> RedHat does have cryptofs support, but only of the DES and XOR variety.
> Looks more like a proof-of-concept inclusion, rather than useful integration.
> I base that on the weak encryption offered.
> 
> It would be nice if the various distros supported cryptofs in a unified way.
> 
> Anyone else have experiences to share with using cryptofs or LVMs across 
> multiple distros?
> 
> I'll be checking out Knoppix, Lycoris, and Xandros support for these soon.
> 
> Mike808/
