On Fri, Jan 23, 2004 at 06:15:46AM +0000, Jason Holt wrote:
> I think you said in an earlier message that you didn't plan on doing
> per-directory encryption. That actually sounds like a pretty useful
> feature - something like the sticky bit could make all files created
> inside automatically encrypted under the same key.

That can be an EA on the directory itself. Good idea.

> Also, have you worked out the threat model?

Ugh. I think I will only recommend using the encrypted filesystem
together with SE Linux to address that little issue.

> It seems not at all obvious to me. I can keep my encrypted data
> safe from burglars who steal my machine, but if they leave it where
> it is and just compromise it, they can pretty easily get all
> existing data as well as future data.

Yup. Authentication timeouts can help here. Here's another:

http://pam-x509.sourceforge.net/

The module can poll every 10 seconds or so to see if the Bluetooth
device is still there. If it's not, authentication is revoked. The
authorized individuals can have the Bluetooth device in their name
tags, which they should always have on their person.

Here's another idea I just had: as long as we're doing versioning and
rollback and what not, switch out the real data for a fake equivalent
when the user is not authenticated. The idea is to psych the attacker
into thinking that he successfully compromised the data, when in
reality, he's getting bogus files. That way, the attacker is likely to
stop his attack, thinking he already succeeded.

Mike
.___________________________________________________________________.
Michael A. Halcrow
Security Software Engineer, IBM Linux Technology Center
GnuPG Fingerprint: 05B5 08A8 713A 64C1 D35D 2371 2D3C FDDA 3EB6 601D
"Your superior intellect is no match for our puny weapons!"
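
The polling-and-revocation idea from the message above, sketched as an added example; it is not part of the original e-mail and is not pam-x509's code. `PresenceBoundKey`, its `probe` callback (a stand-in for "is the Bluetooth token still in range?") and the `simulate` helper with its probe results are all hypothetical and constructed for illustration.

```python
import time
from typing import Callable, Iterable, Optional
class PresenceBoundKey:
    """Keeps a decrypted key in memory only while a presence probe keeps answering."""
    def __init__(self, key: bytes, probe: Callable[[], bool], interval: float = 10.0,
                 max_missed: int = 1, clock: Callable[[], float] = time.monotonic):
        self._key = bytearray(key)        # mutable so it can be overwritten on revoke
        self._probe = probe               # hypothetical stand-in for the token check
        self._interval = interval         # the message suggests polling every ~10 seconds
        self._max_missed = max_missed     # consecutive failed polls that trigger revocation
        self._clock = clock
        self._missed = 0
        self._next_poll = clock() + interval
        self.revoked = False

    def poll_if_due(self) -> None:
        if self.revoked or self._clock() < self._next_poll:
            return
        self._next_poll = self._clock() + self._interval
        try:
            present = bool(self._probe())
        except Exception:
            present = False               # a probe that errors counts as absent (fail closed)
        self._missed = 0 if present else self._missed + 1
        if self._missed >= self._max_missed:
            self.revoke()

    def revoke(self) -> None:
        for i in range(len(self._key)):   # best-effort overwrite; Python may hold other copies
            self._key[i] = 0
        self.revoked = True

    def key(self) -> bytes:
        self.poll_if_due()                # an overdue poll is forced before the key is released
        if self.revoked:
            raise PermissionError("presence token absent: key revoked")
        return bytes(self._key)

def simulate(probe_results: Iterable[bool], interval: float = 10.0) -> Optional[float]:
    """Constructed scenario: one probe result per interval; returns the revocation time."""
    results = list(probe_results)
    feed, now = iter(results), [0.0]
    session = PresenceBoundKey(b"\x01" * 32, lambda: next(feed), interval, clock=lambda: now[0])
    for _ in results:
        now[0] += interval
        session.poll_if_due()
        if session.revoked:
            return now[0]
    return None
```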
____________________
BYU Unix Users Group
http://uug.byu.edu/
___________________________________________________________________
List Info: http://uug.byu.edu/cgi-bin/mailman/listinfo/uug-list
