Subject: Re: portable encrypted CD/USB
To: Thilo Jeremias <jeremias@optushome.com.au>
From: Stefan 'Kaishakunin' Schumacher <stefan@net-tex.de>
List: netbsd-users
Date: 05/15/2007 15:17:21
--UlVJffcvxoiEqYs2
Content-Type: text/plain; charset=iso-8859-15
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Also sprach Thilo Jeremias (jeremias@optushome.com.au)
=20
> >CFS supports 3DES, MacGuffin and Blowfish. I use it since 2001, first
> >for ~stefan, but since CGD is available I only encrypt some
> >directories (~/mail, ~/.gnupg and so) which shall be protected even if
> >CGD is configured and mounted.=20
> >
> > =20
> Hm, ?
>=20
> If I understand CFS correctly it hides/scrambles directory names from=20
> non root users, but it provides no protection against root while the=20
> directory is open,
> why is this then more secure than chmod 600 ?

So what? You cannot protect against root with any kind of encrypted
filesystem, be it CFS, CGD or whatever. If you cannot trust root,
don't use that machine.=20

--=20
PGP FPR: CF74 D5F2 4871 3E5C FFFE  0130 11F4 C41E B3FB AE33
http://www.net-tex.de                                =20
http://www.cryptomancer.de
--=20
Worum haben die Menschen von Kindesbeinen an gebetet, wovon haben sie getr=
=E4umt,
womit haben sie sich gequ=E4lt? Da=DF irgendeiner ihnen ein f=FCr allemal s=
age, was das
Gl=FCck ist, und sie mit einer Kette an dieses Gl=FCck schmiede. Und ist di=
es nicht=20
gerade das, was wir tun? Der uralte Traum vom Paradies ...
Jewgenij Iwanowitsch Samjatin, =BBWir=AB

--UlVJffcvxoiEqYs2
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (NetBSD)

iD8DBQFGSbLhEfTEHrP7rjMRArUiAKCBFhIsn90WYZ9k8qWgLXhW9rBnqACdEwVx
1yZ7BTLQZxih2C4Aw7kAHcc=
=9hny
-----END PGP SIGNATURE-----

--UlVJffcvxoiEqYs2--