
Re: How to protect an encrypted file system for off-line attack?



On 02/21/2009 10:16 AM, Javier wrote:
Sorry for my ignorance in this respect, I hope you can help me.

I'm actually using encfs to protect my sensitive data, but this is what
is said in the manual:

"""The most intrusive attacks, where an attacker has complete control of
the user’s machine (and can therefor modify EncFS, or FUSE, or the
kernel itself) are not guarded against. Do not assume that encrypted
files will protect your sensitive data if you enter your password into a
compromised computer.  How you determine that the computer is safe to
use is beyond the scope of this documentation."""

So my question is: how can I truly protect a filesystem against offline
attacks?

But that's different from the issues raised in the quote from the man page.

I have been thinking of using an SD card for storing the passwords in, and
some kind of script or program to automatically retrieve the password from
the card when needed.

       -S, --stdinpass
           Read password from standard input, without prompting.
           This may be useful for scripting encfs mounts.

           Note that you should make sure the filesystem and
           mount points exist first.  Otherwise encfs will
           prompt for the filesystem creation options, which
           may interfere with your script.


Then, if I retire the card, then my filesystem is secure.

Your filesystem is inaccessible, even to you!! (Unless you remember the passphrase...)

But I also have more questions... is the AES encoder that encfs uses by
default secure enough? If not, is there another way to use another one,
for example, GnuPG?

--
Ron Johnson, Jr.
Jefferson LA  USA

The feeling of disgust at seeing a human female in a Relationship
with a chimp male is Homininphobia, and you should be ashamed of
yourself.
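
Added example, not part of the original message and not code from the encfs project: a wrapper around the -S/--stdinpass option quoted above that checks the preconditions the man page names before feeding in a passphrase file kept on a removable card. The paths in the usage comment are hypothetical, and the check for a `.encfs*` config file in the encrypted directory is an assumption about how an existing EncFS volume is recognised.

```shell
#!/bin/sh
# Mount an EncFS volume with the passphrase read from a file on a
# removable card, using "encfs -S". All paths are hypothetical.

# Return 0 only if an unattended "encfs -S" mount can proceed.
# Distinct non-zero codes say which precondition failed.
check_prereqs() {
    root=$1 mnt=$2 key=$3
    # The encrypted tree must already hold an EncFS config file; otherwise
    # encfs prompts for creation options and consumes the piped passphrase.
    # Assumption: the config is a dotfile matching .encfs* in the root dir.
    set -- "$root"/.encfs*
    [ -f "$1" ] || return 2
    # The mount point must exist for the same reason.
    [ -d "$mnt" ] || return 3
    # Card removed or not mounted: no passphrase file to read.
    [ -r "$key" ] && [ -s "$key" ] || return 4
    # Refuse a passphrase file that group or others can access.
    perms=$(ls -ld "$key" | cut -c5-10)
    [ "$perms" = "------" ] || return 5
    return 0
}

mount_from_card() {
    check_prereqs "$1" "$2" "$3" || return $?
    # The passphrase arrives on stdin, never as a command-line argument,
    # so it does not appear in the process list.
    encfs -S "$1" "$2" < "$3"
}

# Runs only when called with three arguments, e.g.
#   ./mount-encfs.sh ~/.crypt ~/private /media/sdcard/encfs.key
if [ "$#" -eq 3 ]; then
    mount_from_card "$@"
fi
```

With the card removed the wrapper stops with code 4 before encfs is started, so nothing waits on a prompt.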

