
Re: Keeping files away from users



On Thu, Jun 05, 2003 at 09:30:51AM +0200, Luis Gomez - InfoEmergencias wrote:
> We'd like to protect that content, so that even if someone unplugs the machine 
> and connects the HD to another Linux box, they can't access that information. 
> Of course it's difficult to do, but we think there might be a possibility to 
> achieve success.

encrypted loop device?
with appropriate initrd you can even boot from encrypted root
/, swap, /etc ...

of course, you need to provide the passphrase on every boot, and if
someone has it, it's cleartext in any machine.

btw, has someone an estimate on how long brute force will
take on such a device to reveal the real data?

or keep an encrypted copy of all relevant files separately, and on
bootup / service startup you decrypt it temporarily to the correct
location, start the service, and unlink it again (after you wiped it
with garbage, of course ;-] ). (will probably not work if services try
to be smart and reread their conf files on a regular basis...)

	Lars
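
The decrypt, start, wipe, unlink sequence suggested in the message above, sketched as an added example that is not part of the original post. The function names, the `DECRYPT`, `SECRET_DIR` and `PASSPHRASE` variables, the use of openssl and the tmpfs location are all assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Assumptions (not from the post): openssl as the cipher tool,
# passphrase in $PASSPHRASE, cleartext kept on a tmpfs (/dev/shm) because
# overwriting in place is unreliable on journaling or copy-on-write filesystems.

# Decrypt file $1 to stdout. Set DECRYPT to use another tool instead.
decrypt() {
    if [ -n "${DECRYPT:-}" ]; then
        $DECRYPT "$1"
    else
        openssl enc -d -aes-256-cbc -pbkdf2 -pass env:PASSPHRASE -in "$1"
    fi
}

# Overwrite $1 with random bytes of the same length, then unlink it.
wipe() {
    [ -f "$1" ] || return 0
    size=$(($(wc -c < "$1")))
    dd if=/dev/urandom of="$1" bs=1 count="$size" conv=notrunc 2>/dev/null
    sync
    rm -f "$1"
}

# run_with_secret ENCRYPTED_FILE COMMAND [ARGS...]
# COMMAND gets the cleartext path as its last argument and must return once
# the service has read the file (e.g. a daemon that forks after startup).
run_with_secret() {
    enc=$1; shift
    dir=${SECRET_DIR:-/dev/shm}
    # mktemp creates the file with mode 0600, so only the owner can read it.
    plain=$(mktemp "$dir/secret.XXXXXX") || return 1
    if ! decrypt "$enc" > "$plain"; then
        wipe "$plain"                 # never leave a partial cleartext file
        return 1
    fi
    rc=0
    "$@" "$plain" || rc=$?
    wipe "$plain"                     # wipe even if the service failed to start
    return "$rc"
}
```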


