Encrypt file while you are using it

2008-11-24 Thread Manuel Gomez
Hi, I would like to keep an archive encrypted at all times, so I
would like to know what software can do this.

Now I am using Truecrypt, but when I mount the encrypted directory it's
vulnerable. I want to mount the file and have the file remain
encrypted.

Can somebody help me?

Thank you very much, I appreciate your help.


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]



Re: Encrypt file while you are using it

2008-11-24 Thread Bas Steendijk
If you mount a Truecrypt volume, the volume itself remains encrypted.
The Truecrypt driver decrypts and encrypts access in real time. You
cannot mount an encrypted volume and not expose it at the file system
level while it's mounted, by definition. Look at the possibility of a
write-only mount, but I can't help you with this.

Alternatively, use passworded archives instead of a filesystem solution.

Manuel Gomez wrote:

> Hi, I would like to keep an archive encrypted at all times, so I
> would like to know what software can do this.
>
> Now I am using Truecrypt, but when I mount the encrypted directory it's
> vulnerable. I want to mount the file and have the file remain
> encrypted.
>
> Can somebody help me?
>
> Thank you very much, I appreciate your help.








Re: Encrypt file while you are using it

2008-11-24 Thread Johannes Wiedersich

Manuel Gomez wrote:
> Hi, I would like to keep an archive encrypted at all times, so I

If it is to remain encrypted in any moment in time, you should just use
a very complicated password and forget it immediately. Your data should
remain encrypted forever.

> would like to know what software can do this.
>
> Now I am using Truecrypt, but when I mount the encrypted directory it's
> vulnerable. I want to mount the file and have the file remain
> encrypted.

If I understand you correctly, you would like to read the file, while it
still is encrypted? How should this possibly work?

> Can somebody help me?

If you would like to access your encrypted files one by one (instead of
mounting an encrypted archive) you could encrypt each file separately.
'gpg' (package: gnupg) is one program that could be used for this.

If you use 'cryptsetup', your whole partition (including the file
system) will be encrypted (and remain encrypted all the time). After
issuing the password, all data will be decrypted/encrypted on the fly.

From what you wrote, it's not fully clear to me what exactly you are
trying to achieve.

HTH anyway,

Johannes



Re: Encrypt file while you are using it

2008-11-24 Thread Obi
On Mon, Nov 24, 2008 at 05:30:46PM +0100, Johannes Wiedersich wrote:
> Manuel Gomez wrote:
>> Hi, I would like to keep an archive encrypted at all times, so I
>
> If it is to remain encrypted in any moment in time, you should just use
> a very complicated password and forget it immediately. Your data should
> remain encrypted forever.
>
>> would like to know what software can do this.
>>
>> Now I am using Truecrypt, but when I mount the encrypted directory it's
>> vulnerable. I want to mount the file and have the file remain
>> encrypted.
>
> If I understand you correctly, you would like to read the file, while it
> still is encrypted? How should this possibly work?

Hello,

I think that cfs and encfs do what you are asking for.

cheers
graziano

 
>> Can somebody help me?
>
> If you would like to access your encrypted files one by one (instead of
> mounting an encrypted archive) you could encrypt each file separately.
> 'gpg' (package: gnupg) is one program that could be used for this.
>
> If you use 'cryptsetup', your whole partition (including the file
> system) will be encrypted (and remain encrypted all the time). After
> issuing the password, all data will be decrypted/encrypted on the fly.
>
> From what you wrote, it's not fully clear to me what exactly you are
> trying to achieve.
>
> HTH anyway,
>
> Johannes

-- 
+---+--+
| Graziano Obertelli| CS Dept. Rm 5112 |
| [EMAIL PROTECTED]  | University of California |
| (805) 893-5212| Santa Barbara, CA 93106  |
+---+--+





Re: Encrypt file while you are using it

2008-11-24 Thread Lupe Christoph
On Monday, 2008-11-24 at 16:12:56 +0100, Manuel Gomez wrote:
> Hi, I would like to keep an archive encrypted at all times, so I
> would like to know what software can do this.
>
> Now I am using Truecrypt, but when I mount the encrypted directory it's
> vulnerable. I want to mount the file and have the file remain
> encrypted.

Whenever you are able to read a file, it has to exist in unencrypted
form. Let's say you have an editor or viewer that has built-in
decryption. It will read the encrypted file, and decrypt it. To be able
to work on it, the program has to keep the decrypted form. It also
has to send it to some device for you to be able to work on it. The
decrypted form will be readable from /dev/mem or /proc/pid/mem by
the superuser and (procfs only) your user. It will also be possible
for at least the superuser to intercept what is going to the device.
There is nothing you can do to prevent these kinds of attacks.

So, storing your files in an encrypted filesystem with permissions set
so that only your user (and the superuser) can read the files is no less
secure than storing the files individually encrypted.

HTH,
Lupe Christoph
-- 
| There is no substitute for bad design except worse design. |
| /me|





Re: Encrypt file while you are using it

2008-11-24 Thread Johannes Wiedersich

Obi wrote:
> On Mon, Nov 24, 2008 at 05:30:46PM +0100, Johannes Wiedersich wrote:
>> Manuel Gomez wrote:
>>> Now I am using Truecrypt, but when I mount the encrypted directory it's
>>> vulnerable. I want to mount the file and have the file remain
>>> encrypted.
>> If I understand you correctly, you would like to read the file, while it
>> still is encrypted? How should this possibly work?
>
> I think that cfs and encfs do what you are asking for.

How is encfs different to Truecrypt in the way that files that are read
are (temporarily) decrypted?

Just curious,

Johannes



Fixes for gaim/pidgin vulnerabilities?

2008-11-24 Thread Michael Gilbert
Ubuntu [1] has recently released fixes for CVE-2008-2955,
CVE-2008-2957, and CVE-2008-3532 in gaim/pidgin.  Can we expect to see
these fixes released for Etch soon?

Also note that Ubuntu seems to have missed CVE-2008-2956 [2], which
also applies to gaim/pidgin.  The problem has not yet been fixed in
any of the Debian archives, which may explain why they did not include
a patch for this one.

Thanks for working to keep Debian secure.

[1] http://www.ubuntu.com/usn/USN-675-1
[2] http://security-tracker.debian.net/tracker/CVE-2008-2956





Re: Fixes for gaim/pidgin vulnerabilities?

2008-11-24 Thread Kees Cook
On Mon, Nov 24, 2008 at 06:10:14PM -0500, Michael Gilbert wrote:
> Also note that Ubuntu seems to have missed CVE-2008-2956 [2], which
> also applies to gaim/pidgin.  The problem has not yet been fixed in
> any of the Debian archives, which may explain why they did not include
> a patch for this one.

Actually, not even upstream has fixed this yet.  :(

http://people.ubuntu.com/~ubuntu-security/cve/CVE-2008-2956

-Kees

-- 
Kees Cook@outflux.net





Re: Encrypt file while you are using it

2008-11-24 Thread Mark Allums

Bas Steendijk wrote:

> Manuel Gomez wrote:
>
>> Hi, I would like to keep an archive encrypted at all times, so I
>> would like to know what software can do this.
>>
>> Now I am using Truecrypt, but when I mount the encrypted directory it's
>> vulnerable. I want to mount the file and have the file remain
>> encrypted.
>>
>> Can somebody help me?
>>
>> Thank you very much, I appreciate your help.



It cannot be encrypted in memory.  Oh, a whole file can be, if the whole 
file is loaded at once, but the buffer holding the info currently being 
used can't be, so there will always be a point of vulnerability.  Invent 
a good way to obscure every byte 100% of the time, and you will be rich, 
rich, rich!


There are a few things that can almost do what I think you are asking, 
but the need to do so seems a little extreme.


Uh, some things encrypt the whole disk, but so far, disk-based 
encryption hasn't been too satisfactory.  Some partition-level 
encryption is available.  This may be a bit vulnerable when errors 
occur, meaning if the wrong bits get flipped, all your data goes 
bye-bye.  (That is true of some file systems, and a lot of compression 
methods, as well.)


Uh, cryptsetup  cryptmount.  Maybe the ecryptfs file system?


Mark Allums





Re: Encrypt file while you are using it

2008-11-24 Thread Obi
On Tue, Nov 25, 2008 at 12:00:45AM +0100, Johannes Wiedersich wrote:
> Obi wrote:
>> On Mon, Nov 24, 2008 at 05:30:46PM +0100, Johannes Wiedersich wrote:
>>> Manuel Gomez wrote:
>>>> Now I am using Truecrypt, but when I mount the encrypted directory it's
>>>> vulnerable. I want to mount the file and have the file remain
>>>> encrypted.
>>> If I understand you correctly, you would like to read the file, while it
>>> still is encrypted? How should this possibly work?
>>
>> I think that cfs and encfs do what you are asking for.
>
> How is encfs different to Truecrypt in the way that files that are read
> are (temporarily) decrypted?
>
> Just curious,

My apologies: I think I failed reading and comprehension 101. I misread the
original question.

graziano

 
> Johannes

-- 
+---+--+
| Graziano Obertelli| CS Dept. Rm 5112 |
| [EMAIL PROTECTED]  | University of California |
| (805) 893-5212| Santa Barbara, CA 93106  |
+---+--+





Re: Encrypt file while you are using it

2008-11-24 Thread Mark Allums

Bernd Eckenfels wrote:

> In article [EMAIL PROTECTED] you wrote:
>> Uh, some things encrypt the whole disk, but so far, disk-based
>> encryption hasn't been too satisfactory.  Some partition-level
>> encryption is available.
>
> Where do you see the difference? dm-crypt or truecrypt - they all work on
> block device level, with or without partitions.
>
> Regards
> Bernd




Well, maybe it is just a point of view.  You are correct.

Mark Allums





Re: Encrypt file while you are using it

2008-11-24 Thread Mark Allums

Bernd Eckenfels wrote:

> In article [EMAIL PROTECTED] you wrote:
>> Uh, some things encrypt the whole disk, but so far, disk-based
>> encryption hasn't been too satisfactory.  Some partition-level
>> encryption is available.
>
> Where do you see the difference? dm-crypt or truecrypt - they all work on
> block device level, with or without partitions.
>
> Regards
> Bernd




Actually, I was referring to hardware-based encryption, but I realize 
now that that is beyond the scope of the subject, and probably not worth 
mentioning.  So, you are correct, of course.


Mark Allums





Re: Encrypt file while you are using it

2008-11-24 Thread Mark Allums

Bernd Eckenfels wrote:

> In article [EMAIL PROTECTED] you wrote:
>> Uh, some things encrypt the whole disk, but so far, disk-based
>> encryption hasn't been too satisfactory.  Some partition-level
>> encryption is available.
>
> Where do you see the difference? dm-crypt or truecrypt - they all work on
> block device level, with or without partitions.
>
> Regards
> Bernd




Another, hopefully last, thought:  The distinction I was thinking of was 
between whole-partition and per-folder or per-file, not between 
encrypted disk and encrypted partition.  I must not have got this across.


Mark Allums





Re: Encrypt file while you are using it

2008-11-24 Thread Rolf Kutz

On 24/11/08 22:40 +0100, Lupe Christoph wrote:

> On Monday, 2008-11-24 at 16:12:56 +0100, Manuel Gomez wrote:
>
>> Hi, I would like to keep an archive encrypted at all times, so I
>> would like to know what software can do this.
>>
>> Now I am using Truecrypt, but when I mount the encrypted directory it's
>> vulnerable. I want to mount the file and have the file remain
>> encrypted.
>
> Whenever you are able to read a file, it has to exist in unencrypted
> form. Let's say you have an editor or viewer that has built-in
> decryption. It will read the encrypted file, and decrypt it. To be able
> to work on it, the program has to keep the decrypted form. It also
> has to send it to some device for you to be able to work on it. The
> decrypted form will be readable from /dev/mem or /proc/pid/mem by
> the superuser and (procfs only) your user. It will also be possible
> for at least the superuser to intercept what is going to the device.
> There is nothing you can do to prevent these kinds of attacks.

You could use SELinux to prevent these kinds of
attacks.

> So, storing your files in an encrypted filesystem with permissions set
> so that only your user (and the superuser) can read the files is no less
> secure than storing the files individually encrypted.


This depends on the attack vector. Using partition
level encryption protects you from giving away
your filenames and (to some degree) your atime,
mtime and filesize when the partition is not
mounted.

regards, Rolf

--
... Expediency asks the question, 'Is it politic?' ...
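
Added example, not part of the thread: a sketch of the point in the message above about what stays visible on unmounted storage with per-file encryption versus a single encrypted container. Random bytes stand in for ciphertext; the file names, the 64-byte overhead and the container size are constructed assumptions.

```python
import os
import tempfile

# Constructed sample data: (file name, plaintext length in bytes).
SAMPLE_FILES = [("salaries-2008.ods", 48_213), ("resignation-letter.txt", 1_902)]
PER_FILE_OVERHEAD = 64        # assumed fixed header overhead of the per-file tool
CONTAINER_SIZE = 1024 * 1024  # assumed size of the pre-allocated container


def build_per_file_layout(root):
    """One ciphertext file per plaintext file, as with per-file encryption."""
    for name, plain_len in SAMPLE_FILES:
        with open(os.path.join(root, name + ".gpg"), "wb") as fh:
            # Random bytes stand in for ciphertext; no real cipher is needed here.
            fh.write(os.urandom(plain_len + PER_FILE_OVERHEAD))


def build_container_layout(root):
    """One fixed-size blob holding the whole encrypted filesystem."""
    with open(os.path.join(root, "volume.img"), "wb") as fh:
        fh.write(os.urandom(CONTAINER_SIZE))


def offline_view(root):
    """Everything readable without a key: name, size and mtime of each file."""
    view = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            st = os.stat(os.path.join(dirpath, name))
            view.append({"name": name, "size": st.st_size, "mtime": int(st.st_mtime)})
    return view


def inferred_plaintext_sizes(view):
    """Sizes an observer can estimate by subtracting the known overhead."""
    return {e["name"]: e["size"] - PER_FILE_OVERHEAD for e in view}


def demo():
    with tempfile.TemporaryDirectory() as a, tempfile.TemporaryDirectory() as b:
        build_per_file_layout(a)
        build_container_layout(b)
        return offline_view(a), offline_view(b)


if __name__ == "__main__":
    per_file, container = demo()
    print("per-file:", per_file)
    print("container:", container)
```

The per-file view lists every document by name with a size close to its plaintext length, while the container view is a single entry whose size does not depend on what is stored inside.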




Re: secure execution of drivers

2008-11-24 Thread Rolf Kutz

On 21/11/08 09:29 +0100, Dani wrote:
> when the driver fault, I was in the midst of rebuilding the system and
> had multiple virtual machines running. The result was that reiserfs

Did those VMs have reiserfs-partitions, too?
Reiserfs has problems recovering when there are
reiserfs-images inside a reiserfs-partition.

> which completely destroyed. when it had recovered more files on
> /LOST+FOUND than in the rest of the system ... in short, a disaster. I
> hope to find some solution for when the driver fail again


Use a better fs.

regards, Rolf

--
... Expediency asks the question, 'Is it politic?' ...

