On Fri, 2002-12-13 at 16:52, Jack Coates wrote:
> On Fri, 2002-12-13 at 07:30, Guy Van Sanden wrote:
> > Hello everyone
> > <snip>
> If your system has been compromised to the level that an attacker can
> read an encrypted or decrypted disk image in your home directory, then
> that attacker is just as capable of reading your key ring. Getting the
> passphrase is a mite tougher, but hardly impossible -- in fact, given
> the timeout mentioned below it's somewhat likely that the passphrase
> will be in .bash_history because you're going to be typing it all the
> time. Get a slow prompt or the wrong xterm, whoops! Of course, since the
> attacker has shell with root or your privileges, they can easily run a
> keyboard sniffer on your session. .bash_history will certainly provide a
> lovely list of the files that you're using most frequently from the
> encrypted area.

I see your point here...

The thing is that I'm trying to come up with a solution for the fact that
sometimes it is impossible to restrict physical access to machines. In my
case, all my equipment is in the living room (it was the only possibility).

Lately, I've been getting more and more concerned with prosecutions of
people that are anti-MS/DRM/capitalism... So I was thinking about providing
a safe infrastructure for people doing e.g. security research at home.

The system should be so that confiscating a machine (which most of the time
is powered down immediately by law enforcement) would render the data
unusable.

I realise that this is hard to do, and has caveats in it. So I'm open to all
other suggestions/alternatives...

<snip>
> >
> >
> Have a look at http://www.kerneli.org for the basic tools, but it looks
> to me like they've taken down their crypto-filesystem howto, at least
> partially because of the argument above IIRC. The problem is the same on
> Unix as on Windows -- you're trying to secure something while you're
> using it.

Indeed, I am.

Thanks for your comments.

-- 
Guy Van Sanden <[EMAIL PROTECTED]>
