On Tue, 15 May 2007 22:55:05 +1000
Thilo Jeremias <jeremias@optushome.com.au> wrote:

> 
> > CFS supports 3DES, MacGuffin and Blowfish. I use it since 2001,
> > first for ~stefan, but since CGD is available I only encrypt some
> > directories (~/mail, ~/.gnupg and so) which shall be protected even
> > if CGD is configured and mounted. >
> >   Hm, ?
> 
> If I understand CFS correctly it hides/scrambles directory names from
> non root users, but it provides no protection against root while the
> directory is open, why is this then more secure than chmod 600 ?

Correct.  Encrypted disks are useful against enemies with physical
access, not login access.  The intent was to protect backup tapes and
NFS repositories.



		--Steve Bellovin, http://www.cs.columbia.edu/~smb