LinuxSA Mailing list archives
From: Nick Morrison <nickelodeon@heaps.fully.cx>
To: "Mark Newton" <newton@atdot.dotat.org>, "behoffski" <newton@atdot.dotat.org>
Date: Wed, 15 Sep 1999 02:05:32 +0930
RE: Encryption (was Re: Linux Console Security)
Hi!!!
Along this thread - sorta - and not wanting to continue along the silly
lines we've been taking..
There's a filesystem type you can add to your collection that actually
encrypts the entire filesystem on the drive. i.e. - if you stole someone's
encrypted disk and put it in your own machine, you'd need that $99,999
machine to crack it open in a hurry. They'd see garble.
When the disk is mounted, you are prompted for a password. The password is
then used by the filesystem "driver" (or whatever its technical name may be)
to decrypt data *as it's read from the disk*, so the only decrypted data
you'll have is in RAM, or in swap. And I'm sure there's a way to make sure
it doesn't ever go to swap. Is there? *shrug* It's an interesting concept
and will probably be fun to play with :)
You can, for example, take a normal floppy disk, create a new encrypted
filesystem upon it, mount the drive using your encryption password, and read
from/write to it as normal. When you unmount the disk, you need the
password again to re-read it.
Assuming nobody's snooping about in your disk cache.
Or watching as you type. *looks over shoulder*
It's a rather groovy idea and when .. when .. whenIrememberwhatit'scalled
*ducks* I'll be playing with it some.
Not because I need anything encrypted, but because it'd be fun. I'm a power
freak, you see. That's why I like Linux. *wink*
Anyway - it's late, I'm full of food and wine, and I'm tired.
So if anyone remembers what the filesystem driver/module thing is called..
let me/us know :)
Thank you all.
Nite.
__
Nick Morrison
nickelodeon@heaps.fully.cx
http://www.fully.cx/
> behoffski wrote:
>
> > Note that the level of encryption needed to keep people out
> > is increasing all the time, as decryption machines become
> > cheaper and people discover new attacks. NIST is working
> > through a process of selecting a new crypto scheme at the
> > moment, called AES (Advanced Encryption Standard). Many of
> > these encryption schemes have 256-bit keys.
>
> The days of the inadequacy of 256-bit keys for long-term protection
> of data are fast approaching. If NIST is pushing 256-bit keys, you
> can bet your bottom dollar that that means the NSA is capable of
> cracking 256-bit crypto in a reasonably short amount of time. :-)
>
> The strength of crypto that should be used is a function of the
> value of the data you're protecting and the length of time you need
> to protect it for. If you need to keep a contract worth $100,000
> secret for a 14-day cooling-off period, don't use an algorithm that
> can be cracked in 13 days by a machine that costs $99,999. As the
> critical length of time increases, the cost of a machine which will
> break the key within that time decreases, and vice-versa. For
> reference purposes, the DES cracker built by EFF, "Deep Crack," can
> be built for under US$100,000, and can crack a 56 bit DES key in a few
> hours.
>
> Are there any rich bastards reading this list? :-)
>
> > The days of 56-bit DES are long gone, if you're serious about
> > keeping data hidden.
>
> Absolutely -- passwords included.
--
Check out the LinuxSA web pages at http://www.linuxsa.org.au/
To unsubscribe from the LinuxSA list:
mail linuxsa-request@linuxsa.org.au with "unsubscribe" as the subject
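
The message above asks whether decrypted material can be kept from ever going to swap. As an added example (not part of the original post, and not code from any filesystem driver), this C program pins a key buffer in RAM with mlock(2) and wipes it before release; `secret_t`, `secret_alloc`, `secret_wipe` and `secret_free` are hypothetical names.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* for MAP_ANONYMOUS under strict -std modes */
#endif
#include <stddef.h>
#include <stdio.h>
#include <sys/mman.h>
#include <unistd.h>

/* Hypothetical helper type: a page-aligned buffer for key material. */
typedef struct { unsigned char *buf; size_t len; int locked; } secret_t;

/* Overwrite through a volatile pointer so the compiler cannot drop the wipe. */
static void secret_wipe(secret_t *s) {
    volatile unsigned char *p = s->buf;
    for (size_t i = 0; i < s->len; i++) p[i] = 0;
}

/* Map whole pages and pin them in RAM. With require_lock set, fail closed
 * when mlock() is refused (RLIMIT_MEMLOCK too low, or blocked by policy). */
static int secret_alloc(secret_t *s, size_t want, int require_lock) {
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    s->len = (want + page - 1) / page * page;
    s->locked = 0;
    s->buf = mmap(NULL, s->len, PROT_READ | PROT_WRITE,
                  MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (s->buf == MAP_FAILED) { s->buf = NULL; s->len = 0; return -1; }
    s->locked = (mlock(s->buf, s->len) == 0);
    if (!s->locked && require_lock) {
        munmap(s->buf, s->len);
        s->buf = NULL; s->len = 0;
        return -1;
    }
    return 0;
}

/* Wipe before unlocking, so the key never sits in a swappable page. */
static void secret_free(secret_t *s) {
    if (!s->buf) return;
    secret_wipe(s);
    if (s->locked) munlock(s->buf, s->len);
    munmap(s->buf, s->len);
    s->buf = NULL; s->len = 0; s->locked = 0;
}

int main(void) {
    secret_t key;
    if (secret_alloc(&key, 32, 1) != 0) { perror("secret_alloc"); return 1; }
    /* ... derive the filesystem key from the passphrase into key.buf ... */
    printf("%zu bytes pinned in RAM\n", key.len);
    secret_free(&key);
    return 0;
}
```

mlock() pins only these pages: decrypted file data in the page cache and any copies made elsewhere in the process are not covered.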