[Cryptography] Wrong uses of filesystem encryption

U.Mutlu for-gmane at mutluit.com
Sat Jan 31 07:03:42 EST 2015


Lars Luthman wrote, On 01/30/2015 07:46 PM:
> On Fri, 2015-01-30 at 16:33 +0100, U.Mutlu wrote:
>> I think that most of the filesystem crypto users don't really know
>> that their crypto strategy offers them no security or protection at all.
>>
>> For example:
>> 1) someone steals all your encrypted files (incl. the key file)
>> 2) someone steals (or seizes) your HD, or the whole computer
>>
>> How do the current solutions protect against these scenarios
>> if the perpetrator/bigbrother has somehow hacked the system
>> user password, so he can login to the system, and thereby
>> gets automatically access to the encrypted filesystems since
>> most of them automatically mount...?
>
> Well, yes - if someone can guess your login password, and your
> filesystem is mounted automatically when you login using some PAM-like
> mechanism, then they get access to your encrypted files if they have
> access to the unencrypted storage. That doesn't make it useless since it
> still protects you against anyone who _can't_ guess your login password,
> which is hopefully a pretty large group of people.

Imagine this: you have the encrypted filesystem and the accompanying keyfile.
Even if you don't know the owning user's system password, you still
can make the encrypted filesystem readable by just mounting it on
your own computer, and voila!
So, there is IMO a big security problem with such auto-mount configurations.

> And if you trust the password management of the filesystem encryption
> software more than you trust the one in your operating system, then the
> obvious choice is to use full disk encryption and autologin instead of
> manual login and automatic mounting. You still only type one password
> when you start the computer.

The problem is "protection in the emergency case",
i.e. if the filesystem + keyfile, or the computer / HD / stick, gets stolen or seized.
After all, for what other cases is encryption good at all? :-)
I mean, I would ask/request/demand protection especially in such emergency cases.
But an auto-mount setup obviously cannot be of help here.
Something more is needed for a really secure system that also covers the said emergency cases.
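
The keyfile-plus-auto-mount setup discussed in this thread can be checked for on a Linux host. The following is an added example, not part of the original message or of any project's code: it assumes dm-crypt volumes configured through `/etc/crypttab`, and the sample entries, volume names and key paths are constructed. It lists every volume whose key is a file on disk and whether that volume is unlocked at boot.

```python
"""Audit crypttab text for volumes that unlock from a key file stored on disk."""

# Key sources that yield a throwaway random key (typical for swap), not a stored one.
EPHEMERAL_SOURCES = {"/dev/urandom", "/dev/random"}


def parse_crypttab(text):
    """Return (name, device, key, options) for each entry; skip comments and blanks."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 2:
            continue  # malformed entry: a name without a device
        key = fields[2] if len(fields) > 2 else "none"
        options = fields[3].split(",") if len(fields) > 3 else []
        entries.append((fields[0], fields[1], key, options))
    return entries


def audit(text):
    """List entries whose key is a file on disk, i.e. no secret is typed to unlock."""
    findings = []
    for name, device, key, options in parse_crypttab(text):
        if key in ("none", "-") or key in EPHEMERAL_SOURCES:
            continue  # passphrase prompt, or a random key that is never stored
        findings.append({
            "name": name,
            "device": device,
            "key_file": key,
            # Without "noauto" the volume is opened unattended during boot.
            "unlocked_at_boot": "noauto" not in options,
        })
    return findings


# Constructed sample, not taken from a real system.
SAMPLE = """\
# <name>      <device>                                   <key>                 <options>
root_crypt    UUID=00000000-0000-0000-0000-000000000001  none                  luks
data_crypt    /dev/sdb1                                  /etc/keys/data.key    luks
backup_crypt  /dev/sdc1                                  /etc/keys/backup.key  luks,noauto
swap_crypt    /dev/sda3                                  /dev/urandom          swap
"""

if __name__ == "__main__":
    for f in audit(SAMPLE):
        mode = "at boot" if f["unlocked_at_boot"] else "on demand"
        print(f"{f['name']}: key file {f['key_file']} unlocks {f['device']} {mode}")
```

A finding is a review item rather than a verdict: the script cannot tell whether the key file itself sits on a volume that needs a typed passphrase, in which case theft of the disk alone does not expose it.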




