[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: root fs/crypted

On Wed, May 30, 2001 at 12:17:35PM +0900, Curt Howland wrote:

> [cut]
> but that only works at startup. if the system is running,
> having the entire disk encrypted is no different than the
> fact it's all in hex already. an individual user based
> encryption means all you have to do is logout, not power
> down, to kill the "decryption" process and thwart snooping.
> so how about a start-up passphrase protecting everything
> owned by root, then another for each individual user? but
> that would cancel root's ability to read everything....

we should not aim to protect root from accessing userdata.
user must trust root. root could replace losetup by a 
malicious logging one.

this double keying makes sence, in the usual raided-case.
(the rootfs could reside on an encrypting loop device,
the user homedirs could reside as image files on an
unencrypted secondary partition, although we lose
the feature of dynamic space allocation, since these
user files are images with static file sizes.
cfs is much more usefull for user encryption, but
much slower).


Reply to: