
Re: How to protect an encrypted file system for off-line attack?



On Mon, 23 Feb 2009 00:06:02 -0500
Jeff Soules <soules@gmail.com> wrote:

> Hi Javier,
> 
> Thank you for your reply.  Given the hypothetical (but all too
> possible) situation you describe, there are different considerations.
> 
> > Now imagine the worst situation, that a friend wants to protect his data
> > from his corrupt dictatorial government
> 
> Absolutely a possibility.  There are many levels of secrecy --
> filesystem encryption prevents the contents from being known, but does
> not hide the fact that there is a secret.  The presence of a secret
> could be enough right there.  The kind of government you describe
> doesn't need to find evidence in order to "disappear" a person.  This
> also makes it all the more possible that, if his house is raided and
> encrypted files are found, someone might try to torture the
> information out of him.  (Even if the partition is named something
> harmless-sounding, I can't imagine cops anywhere who wouldn't demand
> it be decrypted so they could check it, and refusal would not look
> good.)  In any case, with EncFS we're talking about a technological
> solution in which the encryption key is stored alongside the encrypted
> media, so whatever the password concerns are, this is unsuitable for
> keeping information truly secret when a hostile person might have
> enough physical access to the drive.
> 
> I think it is entirely too likely that a government like this either
> would be able to compromise the data (with or without recovering the
> passwords), or would be willing to punish him just for having
> encrypted data to begin with, if they know he has it.
> 
> > Then my question is: is EncFS good enough to protect his data?
> > I think the SD with stored password is a good solution. While he is not
> > in the house, he can carry the SD or have it hidden somewhere. While he
> > is in the house, and police enter, he might have enough time to probably
> > destroy the SD and turn off the computer.
> 
> With the level of danger involved here, I think the security issue is
> more that there be some rapid way to destroy any evidence of the
> existence of the data (possibly destroying the data itself), rather
> than making sure the password stays safe.  Destroying the SD card is a
> start, but really a person under this kind of government would need to
> be able to say "No, there are no secrets," not "Here's a filesystem
> that you can't read."
> 
> That was my point in the original email -- while there are some
> interesting technical problems here, I think in this case the digital
> security is less important than the social/personal security
> surrounding it.  Or, rather, the digital security will not wind up
> being the weakest link in the chain.

This is exactly the sort of problem that StegFS was invented to solve.
Unfortunately, there has never been a stable release, and development
has stagnated.

Celejar
--
mailmin.sourceforge.net - remote access via secure (OpenPGP) email
ssuds.sourceforge.net - A Simple Sudoku Solver and Generator

