Encrypted Filesystems (was: signing fs's)

Gregory Maxwell (nullc@limelight)
Sun, 29 Dec 1996 15:29:06 -0500 (EST)


Hmm.. Everyone was yakking about boot time passwords so that someone
couldn't reboot with an alternate kernel or steal the computer.. How
about this: The computer contains a simple card with CMOS-like memory
(and power source).. It contains the magic key... It's attached to a
microswitch on the case... If the case is opened then it 'forgets' the
password.. Also the floppy would be disabled inside the case... This way
if there's a power out or a system reboot in the middle of the night a
sysadm doesn't need to be there to check it out...

As for signing stuff... An MD5 is NOT a signature as would be useful for
a security check... (it would have to be public-key encrypted to call it
that).. What could be done is that every user could have a public-private
key pair which could be loaded by the login process and used to sign
blocks.. But I don't see much point as a sysadm could foul this and no one
but a sysadm would be a threat to current methods...

And more importantly: This does NOT belong in THIS mailing list... :)
I'm sure there is a security mailing list... :)
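
Added example, not part of the original post: a sketch of the distinction drawn above between a bare MD5 stored next to a block and an MD5 transformed with a private key, and of why anyone who can read that private key can re-sign. The textbook-RSA key (two Mersenne primes, no padding), the sample block and all function names are assumptions constructed for illustration.

```python
import hashlib

# Toy textbook-RSA key built from two Mersenne primes (constructed for this
# example; unpadded and far too small to be a real key).
P, Q = 2**127 - 1, 2**107 - 1
N, E = P * Q, 65537                      # public key
D = pow(E, -1, (P - 1) * (Q - 1))        # private exponent, held by the user

def md5_int(block: bytes) -> int:
    """MD5 digest as an integer; 128 bits, so always smaller than N."""
    return int.from_bytes(hashlib.md5(block).digest(), "big")

def check_bare_md5(block: bytes, stored_digest: bytes) -> bool:
    """Integrity check with an unkeyed digest stored beside the block."""
    return hashlib.md5(block).digest() == stored_digest

def sign(block: bytes, d: int = D) -> int:
    """'Public-key encrypted' MD5: the digest raised to the private exponent."""
    return pow(md5_int(block), d, N)

def verify(block: bytes, sig: int) -> bool:
    """Anyone with the public key (N, E) can check the signature."""
    return pow(sig, E, N) == md5_int(block)

def modify_without_key(block: bytes):
    """A change made by someone with disk write access but no private key."""
    new_block = block.replace(b"rate=10", b"rate=99")
    return new_block, hashlib.md5(new_block).digest()  # digest needs no secret

def demo() -> dict:
    block = b"block 7: account=alice rate=10"   # constructed sample block
    sig = sign(block)
    changed, changed_digest = modify_without_key(block)
    return {
        # The recomputed digest matches, so the change goes unnoticed.
        "bare_md5_accepts_modified": check_bare_md5(changed, changed_digest),
        "signature_accepts_original": verify(block, sig),
        # The old signature no longer matches the changed block.
        "signature_accepts_modified": verify(changed, sig),
        # Whoever can read the key loaded at login can produce a valid one.
        "key_holder_can_resign": verify(changed, sign(changed)),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```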