[1054] in linux-security and linux-alert archive

home help back first fref pref prev next nref lref last post

Re: [linux-security] Secure Filesystem

daemon@ATHENA.MIT.EDU (Kurt Hockenbury)
Thu Aug 22 07:27:08 1996

Date: Wed, 21 Aug 1996 11:20:48 -0400 (EDT)
From: Kurt Hockenbury <khockenb@ares.cc.stevens-tech.edu>
To: Jeffrey Barber <jab@rock.anchorage.net>
cc: "'Linux Security Mailing List'" <linux-security@tarsier.cv.nrao.edu>
In-Reply-To: <01BB8E66.14FAA6C0@jabpc.jabsoft.com>



On Tue, 20 Aug 1996, Jeffrey Barber wrote:

> I have been approached do write kernel mods to linux that will pgp
> encrypt the entire file system. At boot up you will be prompt for the
> file system password. Great idea, HUGE project. My question is, is this
> already in the makings or is it already out there. Your input would be
> greatly appreciated.
> 
> [REW: I've seen references (excluding the PGP part) to encrypting file
> systems in the "loop device" and the "user-fs" area.

  It's not PGP, but there is also CFS, the Cryptographic filesystem, which
works via an NFS mount.  I've played with it on linux, and it seems to
work well.  It's written by Matt Blaze, there are papers describing it at
ftp://research.att.com/dist/mab/

  CFS runs on most major Unixes, has support for several ciphers (DES, 
3-DES, MacGuffin, and SAFER-SK128), and has hooks for adding new ciphers.

  The only drawback is you need to send mail, stating that you are in US
or Canada, and a citizen or permanent resident, to get a copy sent to you. 

  You could probably also find illegally exported copies in non-US securty
archives, but this list isn't the place to discuss US export law.

	-Kurt
-- 
                                                                      [Place]
snail://USA/07030/NJ/Hoboken/PO Box 5136/Kurt M. Hockenbury           [Stamp]
                                                                      [Here.]

home help back first fref pref prev next nref lref last post