encrypted root filesystem
thsutton at tasmaniac.net
Mon Feb 23 15:50:11 PST 2004
On Tue, 2004-02-24 at 10:34, Ian Molton wrote:
> On Tue, 24 Feb 2004 10:21:03 +1100
> Thomas Sutton <thsutton at tasmaniac.net> wrote:
> > The other benefit that an encypted fs/dev has over encrypted files is
> > the deniability.
> So dont name your file 'top secret dirty porno' then
> > Regarding the "it provides lots of known plain text" argument: if you
> > can tell me a way to determine which particular blocks in a given
> > filesystem,
> AIUI there is no requirement to know where the known plaintext is. it
> merely helps.
> > if you could, you would only be able to guess at which particular 3
> > block file is /bin/false,
> You dont need to. you only need to know that the blocks are there, not where they are. its not like they're small - 512K at a time or worse...
> > I don't think that
> > anyone who needed to run crypted fs' would be so foolish (if I may be
> > so bold) as to waste time and space encrypting non-sensitive
> > information.
> Im still unconvinced that even small partitions need it, but it is a far more sensible way to do it (looped files is even better). Perhaps one day I'll see that 'killer app'. Until then I will remain unconvinced but safe in the knowledge its already been developed...
Look at it this way. Vim (or OO.o, or MySQL, or Whizbang-Gizmoo-2000)
might transparently encrypt their datafiles, etc, but what about
everything they talk to? What about the clients that connect to the
database? What if one crashes, and a core dump is saved?
If you need to encrypt stuff (as opposed to wanting to) then,
presumably, you want to address the risk of confidentiality. This means
avoiding leaks. Without auditing every application that uses encrypted
data, you can't be sure they don't leak. I don't know about you, but I
don't fancy the idea of attempting to strace every path through every
program that will be using my data.
More information about the hlfs-dev