Re: How to protect an encrypted file system for off-line attack?
On Mon, 23 Feb 2009 00:06:02 -0500
Jeff Soules <soules@gmail.com> wrote:
> Hi Javier,
>
> Thank you for your reply. Given the hypothetical (but all too
> possible) situation you describe, there are different considerations.
>
> > Now imagine the worst situation, that a friend wants to protect his data
> > from his corrupt dictatorial government
>
> Absolutely a possibility. There are many levels of secrecy --
> filesystem encryption prevents the contents from being known, but does
> not hide the fact that there is a secret. The presence of a secret
> could be enough right there. The kind of government you describe
> doesn't need to find evidence in order to "disappear" a person. This
> also makes it all the more possible that, if his house is raided and
> encrypted files are found, someone might try to torture the
> information out of him. (Even if the partition is named something
> harmless-sounding, I can't imagine cops anywhere who wouldn't demand
> it be decrypted so they could check it, and refusal would not look
> good.) In any case, with EncFS we're talking about a technological
> solution in which the encryption key is stored alongside the encrypted
> media, so whatever the password concerns are, this is unsuitable for
> keeping information truly secret when a hostile person might have
> enough physical access to the drive.
>
> I think it is entirely too likely that a government like this either
> would be able to compromise the data (with or without recovering the
> passwords), or would be willing to punish him just for having
> encrypted data to begin with, if they know he has it.
>
> > Then my question is: is EncFS good enough to protect his data?
> > I think the SD with stored password is a good solution. While he is not
> > in the house, he can carry the SD or have it hidden somewhere. While he
> > is in the house, and police enter, he might have enough time to probably
> > destroy the SD and turn off the computer.
>
> With the level of danger involved here, I think the security issue is
> more that there be some rapid way to destroy any evidence of the
> existence of the data (possibly destroying the data itself), rather
> than making sure the password stays safe. Destroying the SD card is a
> start, but really a person under this kind of government would need to
> be able to say "No, there are no secrets," not "Here's a filesystem
> that you can't read."
>
> That was my point in the original email -- while there are some
> interesting technical problems here, I think in this case the digital
> security is less important than the social/personal security
> surrounding it. Or, rather, the digital security will not wind up
> being the weakest link in the chain.

This is exactly the sort of problem that StegFS was invented to solve.
Unfortunately, there has never been a stable release, and development
has stagnated.

Celejar
--
mailmin.sourceforge.net - remote access via secure (OpenPGP) email
ssuds.sourceforge.net - A Simple Sudoku Solver and Generator