On Fri, 23 Oct 2009 14:15:48 -0700
Valient Gough <vali...@gmail.com> wrote:

| On Mon, Oct 19, 2009 at 6:21 PM, Anthony Thyssen
| <a.thys...@griffith.edu.au> wrote:
| 
| > Question:  is the file only read once?
| > That is, can you read the file from a USB and then umount the usb once
| > the encfs directory is mounted.
| 
| Yes, I believe it is opened, read, then closed and not used again.
| 
That is great.

One suggestion then is to have options in the encfs6.xml file
to specify the encrypted directory and mount point.

This means you can pipe ALL the information into the encfs command
so that even that information is not generally visible to other users
doing a 'wide' "ps" command.

| > Or better still seeing as the environment variable remains 'visible' in
| > the process list of the encfs process, can you read it from a named
| > pipe so as to further hide what file was actually read for a currently
| > mounted filesystem?
| 
| There is an --extpass option which allows you to run an external
| program.  That program could be just 'cat /mnt/foo/password-file'.
| There's also a --stdinpass option that reads the password from stdin
| (limited to 512 bytes), although I haven't used it.  I'd try both and
| see which is more convenient.
| 
Yes, and that is great.

But it was the ".encfs*" file that concerned me, as it is the presence
of this file that directly identifies this 'directory' as being
an encrypted directory, rather than say...  Raw Data from a
spectroscope.

Better still, by 'interleaving' two sets of data using different ".encfs"
files you could leave one that will decrypt half the directory, but
hide the one that decrypts the other half.  That way even if they know
the directory is an encfs they could try any number of passwords to
try and crack the other half and NEVER succeed, simply because the
other half uses a different 'salt'.

By mixing up the use of multiple encrypted dirs in multiple encfs data
dirs with different ".encfs" files (and salts), and the use of some
'chaff' it can become very difficult for even a 'rubber hose' to find
all the data you may have encrypted.


  Anthony Thyssen ( System Programmer )    <a.thys...@griffith.edu.au>
 -----------------------------------------------------------------------------
   "I'm serious about what I do, yes.  Not necessarily the way I do it." 
                                       -- Doctor Who, "The Time Warrior"
 -----------------------------------------------------------------------------
     Anthony's Home is his Castle     http://www.cit.gu.edu.au/~anthony/
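
The point raised in this message about a wide "ps" listing versus piping information in, as an added example that is not part of the original e-mail: the script compares what /proc exposes when a value is passed as a command-line argument and when it is piped on stdin. Assumptions: Linux with /proc, a `sleep` that accepts fractions, a stand-in `sh` process in place of encfs, and hypothetical function names.

```shell
#!/bin/sh
# Added example: a stand-in "sh" process takes the place of encfs.

# Print the argv of PID as /proc exposes it (what a wide "ps" shows).
argv_of() {
    tr '\0' ' ' 2>/dev/null < "/proc/$1/cmdline"
}

# Wait (up to about 2s) until the forked child has exec'd, i.e. its
# argv is no longer a copy of this script's own argv.
wait_for_exec() {
    n=0
    while [ "$(argv_of "$1")" = "$(argv_of "$$")" ] && [ "$n" -lt 20 ]; do
        sleep 0.1
        n=$((n + 1))
    done
}

# Succeeds if NEEDLE ($2) appears in the argv of PID ($1).
argv_exposes() {
    argv_of "$1" | grep -qF -- "$2"
}

# Value handed over as a command-line argument: returns 0 if exposed.
secret_via_argv() {
    sh -c 'sleep 3; :' holder "$1" >/dev/null 2>&1 &
    pid=$!
    wait_for_exec "$pid"
    argv_exposes "$pid" "$1"; rc=$?
    kill "$pid" 2>/dev/null
    return "$rc"
}

# Same value piped on stdin (the --stdinpass style): returns 0 if exposed.
secret_via_stdin() {
    printf '%s\n' "$1" | sh -c 'read pw; sleep 3; :' holder >/dev/null 2>&1 &
    pid=$!
    wait_for_exec "$pid"
    argv_exposes "$pid" "$1"; rc=$?
    kill "$pid" 2>/dev/null
    return "$rc"
}

value="constructed-sample-$$"   # constructed sample value, not a real secret
if secret_via_argv "$value"; then echo "argv:  visible in process list"; fi
if ! secret_via_stdin "$value"; then echo "stdin: not in process list"; fi
```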
