Return to BSD News archive
Path: euryale.cc.adfa.oz.au!newshost.anu.edu.au!harbinger.cc.monash.edu.au!news.bhp.com.au!mel.dit.csiro.au!munnari.OZ.AU!news.ecn.uoknor.edu!qns3.qns.com!imci4!newsfeed.internetmci.com!info.ucla.edu!agate!not-for-mail From: mconst@soda.CSUA.Berkeley.EDU (Michael Constant) Newsgroups: comp.unix.bsd.freebsd.misc Subject: Re: Crytographic file system? Date: 30 Mar 1996 18:46:49 -0800 Organization: Society for the Prevention of Cruelty to Vegetables, UC Berkeley Lines: 23 Message-ID: <4jkrmp$i5c@soda.CSUA.Berkeley.EDU> References: <4j2cmu$g9m@usenet6.interramp.com> NNTP-Posting-Host: soda.csua.berkeley.edu David C. Myers <myers@freebsd.interramp.com> wrote: >Are there any implementations of a cryptographic file system >for FreeBSD? Ideally, I'd like to have one that allows you >to mount a partition by giving a password. Then, every block >of data written to or read from the partition will be encrypted >on the fly using the password. Once finished with the partition, >you unmount it, forcing any intruder to guess your password or >try a brute force attack. Question: does this really do what you want it to? I assume that this is meant to help against an intruder who has root; since if the intruder doesn't have root, regular filesystem permissions will keep him out. But if the intruder does have root, he can grab your key right out of memory when you mount the filesystem! (Not to mention hacking mount to record your password...) This works much better on the Mac, for two reasons: it is a single- user system, so it's much harder for someone else to monitor your password as you type it in; and source is not readliy available, so it's harder for someone else to replace your partition-mount utility with a fake. Not that it isn't possible... :-) -- Michael Constant (mconst@soda.csua.berkeley.edu)