begin quoting Rachel Garrett as of Wed, Apr 20, 2005 at 12:05:15PM -0700:
> On 4/20/05, Stewart Stremler <[EMAIL PROTECTED]> wrote:
[snip]
> > And how does it protect your data?
> >
> > ("By preventing a compromise of the OS." is not an acceptable answer.)
>
> Why not? I have a hard time imagining a way for a system to protect
> data without protecting the OS. (In a sense, isn't it all just data?)That's more-or-less the wrong way round. What good is protecting the OS if you don't protect the data? And yes, it's all data, but the OS data is easy to get back. User data isn't. So why worry about the data that's easy to get back? > Even if you had a system that automatically encrypted data when you > saved it, someone who had compromised your OS could conceivably > replace that chunk of code with their own "encryption" scheme, > couldn't they? If you're running in a single-user mode, they'll compromise you on the way to compromising the OS. And there goes the security for your data. But an encrypted disk is an interesting idea. How do you keep the intruder, who has compromised your account, from intercepting your password/passphrase and gaining access to your data? If there were a way to provide the key out-of-band, perhaps... and keep programs from getting at it. Except when you want them to. -Stewart "To a computer, everything is just bits." Stremler
pgpbqXvn1vpdM.pgp
Description: PGP signature
-- [email protected] http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
