On Sun, 9 Feb 2003, Dave Howe wrote:

> Jim Choate wrote:
> > Yes, it can mount the partition. That isn't the problem. The problem
> > is that for lilo to do this it has to have access to the key in
> > plaintext. That makes the entire exercise moot.
> not if you have to type it every time.

Then I'd say lilo isn't mounting it, you are.

But you get the gist, either the key is there in plaintext or somebody who
knows it is. That is a -very- limited application area for computers and
encryption.

> if you take that as criteria, then *all* encryption is moot, as I can't
> think of any you don't have to supply a key or passphrase for.

Not at all, it simply means that encryption is not the solution for -stand
alone- applications (at least not at the state of encryption and hardware
today).

In my mind the utility of encryption on a machine is questionable unless
that machine can reboot and recover -without intervention and without
needing a plaintext key-. Only when that state can be achieved will
encryption offer the sort of security many of us are looking for.

One of the extensions that I'm looking at in Plan 9 is a mechanism to use
the distributed process and name space as a mechanism to do something
about this. It may be possible to get a server to boot an encrypted partition
without ever passing the actual key (Plan 9 uses a token a la Kerberos -
but it's not Kerberos).

> you could also have lilo look at a dongle (a usb drive, say) for its key.

Same problem, the key has to be on the dongle in the clear. Several years
ago the Austin Cypherpunks ran a mixmaster remailer for several months and
we used a floppy to do this sort of stuff. If you have the floppy you have
the system.


 --
    ____________________________________________________________________

      We are all interested in the future for that is where you and I
      are going to spend the rest of our lives.

                              Criswell, "Plan 9 from Outer Space"

      [EMAIL PROTECTED]                            [EMAIL PROTECTED]
      www.ssz.com                               www.open-forge.org
    --------------------------------------------------------------------