> >>Then whilst reading the NWAM spec it mentioned that wifi
> >>passwords are also stored in clear text.

As Nico pointed out, there's a difference between the system being the only one who can access wifi passwords. I think even my Mac stores them in clear text. And user applications accessing passwords.

> > I have sympathy with you. I suspect what you really want
> > is a tamperproof personal HW key store.
> >
>
> If a solution is developed then it should be possible to
> choose to use a tamperproof personal HW key store
> instead of some less secure mechanism.
>
> And it should be possible to use this as a plugin(?) for
> mozilla/firefox so that all of the passwords that it saves
> for you can be put there too.

Hummm, if the applications use the Solaris Key Management Framework, I believe you can go all the way from HW token storage to local soft token storage.

> > $HOME isn't that.
> > Certainly you should restrict the access to owner only
> > (600) and use Kerberized Secure NFS for $HOME.
> >
>
> I've never tried using Kerberized Secure NFS for $HOME.
> If it stops Gary su'ing to Darren and being able to read Darren's
> files as Darren on Gary's desktop, then that is something :)
> Last time I tried fancy things with NFS was with NIS+ and
> got burnt.

Indeed. Sun IT is moving that way and Jurassic will be one of the first servers. I'm pretty sure you can get this right now on Jurassic. Check with the Kerberos project folk. I believe they are doing it right now.

> > Also consider
> > making $HOME an encrypted file system.
> >
> >
>
> Are we likely to be allowed to make $HOME encrypted on
> jurassic any time soon ? :) But maybe that is a bridge too

I'm not sure if you can lofi mount on top of NFS. If so, yes you can do it today. If not, consider a local $HOME with lofi mounted crypto support and rdist to jurassic. That does limit your ability to use $HOME on other machines.

> far because it impacts $HOME/public_html (or at least a
> redesign of how users interact with web serving.)
> If I
> could just make .mozilla or .gaimrc be protected, that'd be
> nicer, but I don't want to have to enter n passwords for
> n files.

In the short term, I think your best approach is Kerberized NFS. If you can't have it literally today, you should be able to have it within a week. See the Kerberos folk.

Gary..