
How to protect an encrypted file system for off-line attack?



Sorry for my ignorance in this respect, I hope you can help me.

I'm actually using encfs to protect my sensitive data, but this is what
is said in the manual:

"""The most intrusive attacks, where an attacker has complete control of
the user’s machine (and can therefore modify EncFS, or FUSE, or the
kernel itself) are not guarded against. Do not assume that encrypted
files will protect your sensitive data if you enter your password into a
compromised computer.  How you determine that the computer is safe to
use is beyond the scope of this documentation."""

So my question is: how can I truly protect a filesystem against offline
attacks?

I have been thinking of using an SD card for storing the passwords in, and
some kind of script or program to automatically retrieve the password from
the card when needed. Then, if I retire the card, my filesystem is
secure.

But I also have more questions... is the AES encoder that encfs uses by
default secure enough? If not, is there another way to use another one,
for example, GnuPG?

Thank you.



-- 
gpg --keyserver pool.sks-keyservers.net --recv-keys AFC23C68

