Subject: Re: portable encrypted CD/USB
To: Thilo Jeremias <jeremias@optushome.com.au>
From: Stefan 'Kaishakunin' Schumacher <stefan@net-tex.de>
List: netbsd-users
Date: 05/15/2007 15:38:21

Thus spoke Thilo Jeremias (jeremias@optushome.com.au):
> >So what? You cannot protect against root with any kind of encrypted
> >filesystem, be it CFS, CGD or whatever. If you cannot trust root,
> >don't use that machine.
> >
> Very true!
>
> I was really just wondering, if you have CGD, what is the advantage to
> also use CFS for mail?

CFS and CGD have a different model. I only use my laptop to work at
and store all my data on /home. If I need to access that data, e.g. a
CVS directory for a customer or slides for a presentation at a
conference, I have to mount /home. Therefore, I have to config the CGD
device. At that moment, all files on /home are unprotected.

CFS works on the normal file system layer, so I use it to protect
sensitive data, like my mailbox or PGP keys. I can cgdconfig and mount
my home to access my not-that-sensitive data, but still keep my very
sensitive data protected by CFS.

Even if someone hacks into my laptop while being at a conference,
sensitive data is still encrypted with CFS.
That's why I combine both models.



Hope that helps,
Stefan
--
PGP FPR: CF74 D5F2 4871 3E5C FFFE  0130 11F4 C41E B3FB AE33
http://www.net-tex.de
http://www.cryptomancer.de
--
What have people prayed for since childhood, what have they dreamed of,
what have they tormented themselves with? That someone would tell them once
and for all what happiness is, and chain them to that happiness. And is this
not exactly what we are doing? The ancient dream of paradise ...
Jewgenij Iwanowitsch Samjatin, »We«
