[Cryptography] read-once file, outside the filesystem ... or not
John Denker
jsd at av8n.com
Tue Nov 29 10:13:55 EST 2016

On 11/29/2016 05:01 AM, Ralf Senderek wrote:
>
> And I'd really like to replace this with a proper kernel enforced
> use of a secure read-once file. That's why I'm interested to
> know if such a thing could be implemented (with the prospect to
> become a reality).

This is never going to be implemented on any significant scale,
for two reasons:

1) Read-once isn't the right semantics. There are lots of cases
   where the seed would need to be read more than once.

2) Putting it outside the normal filesystem is nothing more than
   «security by obscurity». There have to be tools to install
   the thing. The tools need to have permissions. The existence
   of such tools is basically a big red arrow on the Death Star
   plans, saying "Attack Here".

3) To say the same thing in more constructive terms: This is
   yet another of those cases where we really ought to rely on the
   standard mechanisms, e.g. file permissions ... and if that's
   not good enough, it's a serious bug, and needs to be reported
   upstream in the usual way.