[Cryptography] Wrong uses of filesystem encryption
U.Mutlu
for-gmane at mutluit.com
Sat Jan 31 07:44:05 EST 2015
Kent Borg wrote, On 01/30/2015 08:49 PM:
> On 01/30/2015 10:33 AM, U.Mutlu wrote:
>> What 'best practices' for filesystem encryption are there?
>
> Again, that horrible term! Says who? Measured how? Accomplishing what?
>
> What is the boundary of the system you are defending? Is this a single laptop,
> used by one person? Or is this a server? Does one person need access or a
> group? What happens when that person is run over by an unexpected truck or a
> member of the group quits in a huff?
A mountable encrypted filesystem is sufficient for me, for example /home/user-me.
But there should also be protection in case if that filesystem gets stolen/seized.
> What about backups? How do you do your backups? Are they encrypted? What does
> your recovery plan look like on that day you need your backups? Do you need
> file-by-file encryption? Or do you need whole filesystem encryption? (Do you
> need to hide the names and sizes of the files or just the contents?) Maybe you
> do both.
Yeah, an encrypted filesystem solves that too, ie. the enc of the filenames
and dirs.
> Why are you doing this, what are you afraid of? Something simple, like
> disposing of old disks by destroying the encryption key instead of having to
> destroy the platters? Or is this expected to keep the prying eyes of the
> Chinese off your data next you visit China? What if someone tries to compel
> disclosure of the key? The foreign cop? The thug who carjacks you? The US
> border guard standing between you and home? The TSA agent? A US federal court
> order?
I think nobody has the obligation to, nor should, help his own enemy...
> In the simple laptop example, I hear the first thing the smart cops do when
> they break down your door is plug a mouse-wiggler into your computer, to keep
> the screen saver from locking them out.
:-)
> Say many ways to screw up,
>
> -kb
Exactly :-)
I wanted to point especially to the two emergency cases given in the initial
posting (files/HD/comp stolen/seized).
It definitely belongs some additional steps in the encryption strategy to
cover also the said cases; IMO these are even the main cases to protect against.
More information about the cryptography
mailing list