Re: Userland encrypted filesystem that root cannot access.

From: Grendel (grendel@vip.net.pl)
Date: Sat Feb 19 2000 - 20:49:02 EST

** On Feb 20, Mike scribbled:

> >encrypted_file(fs) -> read_encrypted_chunk
> >encrypted_chunk -> send_over_encrypted_link
> >remote_end -> receive_double_encrypted_data -> decode_the_transmission_data
> >encrypted_chunk_decode -> real_data
> >
> >The data is out of reach of the local root.
>
> True, but the problem is that no remote machine exists. This is
> a workstation that is used locally, not via a network. That is a
> good solution for the remote case however IMHO.
In case of local-only, you can always ssh to the local machine when using
the protected data. True, the connection encryption key can be spoofed
during the ssh negotiation phase, but that's a bit tricky, so it takes a
really knowledgeable admin to do it, IMO.

marek


-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/

This archive was generated by hypermail 2b29 : Wed Feb 23 2000 - 21:00:24 EST