On Mon, Apr 17, 2000 at 09:56:12AM -0400, Dr. Joel M. Hoffman wrote:
> >DJMH> Encrypting every file on the HD will actually make it easier to
> >DJMH> decrypt the HD. The key to decryption is knowing what the decrypted
There are two things here. One is encrypting every file on the
hard drive and the other is encrypting the hard drive. They are NOT the
same thing! That being said, even the statement "encrypting every file
on the HD will actually make it easier to decrypt the HD", while
self contradictory (first part refers to "encrypting every file on the HD"
while end refers to "decrypt the HD"), is simply false even in the weaker
case of "encrypting every file on the HD". In that weaker case, you can
determine the file structure and the possibility of files with known
plaintext. With a good algorithm, like blowfish or twofish, it still
doesn't buy you anything, since plaintext attacks against those algorithms
are no better than brute forcing the key.
> >That is actually not true. As far as strong encryption goes. I habe
> >heard that one of the criterias of strong encryption algorithms are
This is true.
> Encryption algorithms may vary in how easy they are to crack once you
> know both the encryped and plain-text messages, but it's always easier
> if you know both.
No it's not... Not always. Not for good algorithms.
If it still doesn't get you any better than brute forcing the
key, the best you get is a break even. That's a criterion for most good
crypto algorithms, that the best any attack you can derive will provide
you with is no better than brute forcing the keys. That includes known
plaintext attacks, differential attacks (where you can compare the
differences between known plain text values to determinine algorithm
weaknesses and characteristics) and any other esoteric attack you can
think up. If they are no better than brute force, they buy you nothing.
Also, if you encrypt the hard disk itself, you can't even see
the file structure to begin with. All an attacker sees is an encrypted
partition and can't even tell what the file structure is. He can't even
tell WHERE the plaintext is to attempt to mount a known plaintext attack.
> >But how do i do that to my entire harddrive and still boot from it ?
You really only need to encrypt the partitions, you don't need
to encrypt things like the partition table and boot sectors.
> I don't know.
You want to check out ppdd.
"ENCRYPTED DISC DEVICE DRIVER"
http://linux01.gwdg.de/~alatham/ppdd.html
From the home page:
] PPDD is a device driver for Linux. It allows you to create a device
] which looks like a disc partition. You can then create an ext2 filesystem
] on this device. The data is in reality written to and read from a real
] disc - either a partition or a file on a normal filesystem. Everything
] on the disc is encrypted. The encryption algorithm is blowfish. Clearly
] more than just a device driver is involved in this and I have tried to
] make the overall system secure and foolproof.
] One of the design objectives was to make it possible for an average user
] to install and use ppdd. The new revision includes extensive documentation
] including "man" pages. The make macros check the environment more
] extensively and if you follow the instructions success is almost
] certain.
] All recent revisions include the ability to encrypt the root filesystem
] and swap files so that the chances of accidentally leaving secret
] material on disc are very small indeed. At the current stage of
] development this feature requires a reasonable knowledge of Linux -
] particularly the boot process - on the part of the sysadmin who
] implements it.
If you can encrypt the root filesystem and swap, you got it made.
The other partitions are a snap once you have that accomplished. The only
thing you need to be able to boot is lilo (if used) and the kernel with
the encrypting driver. This is doable.
Mike
--
Michael H. Warfield | (770) 985-6132 | [EMAIL PROTECTED]
(The Mad Wizard) | (770) 331-2437 | http://www.wittsend.com/mhw/
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it!
