[Cryptography] Wrong uses of filesystem encryption

Lars Luthman mail at larsluthman.net
Fri Jan 30 13:46:59 EST 2015

On Fri, 2015-01-30 at 16:33 +0100, U.Mutlu wrote: 
> I think that most of the filesystem crypto users don't really know
> that their crypto strategy offers them no security or protection at all.
> For example:
> 1) someone steals all your encrypted files (incl. the key file)
> 2) someone steals (or seizes) your HD, or the whole computer
> How do the current solutions protect against these scenarios
> if the perpetrator/bigbrother has somehow hacked the system
> user password, so he can login to the system, and thereby
> gets automatically access to the encrypted filesystems since
> most of them automatically mount...?

Well, yes - if someone can guess your login password, and your
filesystem is mounted automatically when you login using some PAM-like
mechanism, then they get access to your encrypted files if they have
access to the unencrypted storage. That doesn't make it useless since it
still protects you against anyone who _can't_ guess your login password,
which is hopefully a pretty large group of people.

And if you trust the password management of the filesystem encryption
software more than you trust the one in your operating system, then the
obvious choice is to use full disk encryption and autologin instead of
manual login and automatic mounting. You still only type one password
when you start the computer.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: This is a digitally signed message part
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20150130/cb648c5d/attachment.sig>

More information about the cryptography mailing list