encrypted filesystems

On Tue, Jan 06, 2004 at 06:40:59PM +0000, Christopher James Coleman (ug97cjc at cs.bham.ac.uk) wrote:
> I suppose the ideal solution in a secure system is to not have any part of
> the program chain stupid enough to not protect pages with sensitive data
> on. However, this is probably beyond the scope of the project.

The secmem warning in gpg refers to someone rooting your box and reading 
the memory pages where the password is stored.  Thus, don't let someone 
root your box.  Yes, it is that simple because once the attacker is 
considered to be from the next level up in resources the easy attack is 
installing a hardware keylogger.  Oops, the FBI has already been doing 
this for several years.  Hardware keyloggers are available on-line for 
under $100.  So, money is not the issue.  The class of potential attackers 
is someone close to you or with the resources to blackbag you.

Other applications that need gpg functionality (such as Mutt) hand data 
to gpg on stdin and accept output on stdout (mostly).  The aegpytian 
plugin is designed to rid us of the exceptions to the former.
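
The page protection raised in the quoted message, as an added example that is not part of the original post and is not gpg's code: a buffer for a passphrase that is locked against swapping, excluded from core dumps where the platform allows, and wiped before release. The names `secret_buf`, `secret_alloc`, `secret_free` and `wipe` are hypothetical, and the passphrase is a constructed sample. Locking keeps the secret off disk; it does nothing against an attacker who already has root.

```c
#define _DEFAULT_SOURCE
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>
/* Hypothetical helper type (not from gpg): one mapping that holds a secret. */
struct secret_buf {
    unsigned char *p;
    size_t len;
    int locked;               /* 1 if mlock() worked, 0 if pages may be swapped */
};

/* Overwrite through a volatile pointer so the compiler cannot drop the wipe. */
static void wipe(void *p, size_t n) {
    volatile unsigned char *v = p;
    while (n--) *v++ = 0;
}

/* Map whole pages, try to pin them in RAM, and keep them out of core dumps. */
int secret_alloc(struct secret_buf *b, size_t want) {
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    b->len = (want + page - 1) / page * page;
    b->p = mmap(NULL, b->len, PROT_READ | PROT_WRITE,
                MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (b->p == MAP_FAILED) { b->p = NULL; b->len = 0; b->locked = 0; return -1; }
    b->locked = (mlock(b->p, b->len) == 0);   /* can fail: RLIMIT_MEMLOCK */
#ifdef MADV_DONTDUMP
    madvise(b->p, b->len, MADV_DONTDUMP);     /* Linux only */
#endif
    return 0;
}

/* Wipe first, then unlock and unmap. */
void secret_free(struct secret_buf *b) {
    if (!b->p) return;
    wipe(b->p, b->len);
    if (b->locked) munlock(b->p, b->len);
    munmap(b->p, b->len);
    b->p = NULL; b->len = 0; b->locked = 0;
}

int main(void) {
    struct secret_buf b;
    if (secret_alloc(&b, 64) != 0) return 1;
    if (!b.locked) fprintf(stderr, "warning: secret pages are not locked\n");
    memcpy(b.p, "constructed passphrase", 23);   /* constructed sample value */
    secret_free(&b);
    return 0;
}
```

When `mlock()` fails the code carries on with unlocked pages and reports it, the same trade-off a warning about insecure memory describes.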
