Subject: Re: portable encrypted CD/USB
To: Thilo Jeremias <>
From: Steven M. Bellovin <>
List: netbsd-users
Date: 05/16/2007 14:57:38
On Tue, 15 May 2007 22:55:05 +1000
Thilo Jeremias <> wrote:

> > CFS supports 3DES, MacGuffin and Blowfish. I use it since 2001,
> > first for ~stefan, but since CGD is available I only encrypt some
> > directories (~/mail, ~/.gnupg and so) which shall be protected even
> > if CGD is configured and mounted. >
> >   Hm, ?
> If I understand CFS correctly it hides/scrambles directory names from
> non root users, but it provides no protection against root while the
> directory is open, why is this then more secure than chmod 600 ?

Correct.  Encrypted disks are useful against enemies with physical
access, not login access.  The intent was to protect backup tapes and
NFS repositories.

		--Steve Bellovin,