netbsd-users: Re: portable encrypted CD/USB

Subject: Re: portable encrypted CD/USB
To: Thilo Jeremias <jeremias@optushome.com.au>
From: Greg Troxel <gdt@ir.bbn.com>
List: netbsd-users
Date: 05/15/2007 12:36:17

--=-=-=
Content-Transfer-Encoding: quoted-printable

Thilo Jeremias <jeremias@optushome.com.au> writes:

> If I understand CFS correctly it hides/scrambles directory names from
> non root users, but it provides no protection against root while the
> directory is open,
> why is this then more secure than chmod 600 ?

1) The backup media will have ciphertext, not plaintext.

2) The ciphertext may be on a fileserver (NFS, coda, etc.) that is under
   the control of someone else.

3) Needing the key means that an attacker has to trojan something, or be
   there at the right time.  This isn't really comforting, but it's
   better than nothing.
=20

--=-=-=
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (NetBSD)

iD8DBQFGSeGB+vesoDJhHiURAsPzAJ4oYQYFzZwlivtZFIS7Y98zSqjFuwCgsKMU
eaHALvkZNQKKxb2sPJMYzwE=
=6ziS
-----END PGP SIGNATURE-----
--=-=-=--