[Cryptography] read-once file, outside the filesystem ... or not

John Denker jsd at av8n.com
Tue Nov 29 10:13:55 EST 2016

On 11/29/2016 05:01 AM, Ralf Senderek wrote:
> And I'd really like to replace this with a proper kernel enforced
> use of a secure read-once file. That's why I'm interested to
> know if such a thing could be implemented (with the prospect to
> become a reality).

This is never going to be implemented on any significant scale,
for two reasons:

1) Read-once isn't the right semantics.  There are lots of cases
 where the seed would need to be read more than once.

2) Putting it outside the normal filesystem is nothing more than
 ┬źsecurity by obscurity┬╗.  There have to be tools to install
 the thing.  The tools need to have permissions.  The existence
 of such tools is basically a big red arrow on the Death Star
 plans, saying "Attack Here".

3) To say the same thing in more constructive terms:  This is
 yet another of those cases where we really ought to rely on the
 standard mechanisms, e.g. file permissions ... and if that's
 not good enough, it's a serious bug, and needs to be reported
 upstream in the usual way.

More information about the cryptography mailing list