On Mon, 8 May 2006, Michael Halcrow wrote:
Well, with eCryptfs, which, of course, is the crypto app I have in
mind in my examples, you don't really think in terms of an entire disk
being encrypted -- rather, you have individual files being encrypted
according to various policies. So yes, in this example, you have some
files in a USB pen drive that you would like to be accessible either
from your workstation in New York or your workstation in Texas, for
instance, and you are flying between New York and Texas.
It seems really unlikely to me that an attacker who is able to get (a) the
encrypted files and (b) the passphrase will be unable to (c) get past
whatever hardware requirement I have in place.
CEO Alice or Grandma Carol are probably going to end up compromising (c)
the same way they compromise the security of (a) and (b). And people who
*aren't* going to compromise the security of (c) are probably going to do
well with (a) and (b) too.
I just don't see "trusted" computing as being a win for desktop
applications.
~ Ross
/*
PLUG: http://plug.org, #utah on irc.freenode.net
Unsubscribe: http://plug.org/mailman/options/plug
Don't fear the penguin.
*/
