[201] in The Cryptographic File System users list
Re: using cfs with /home
daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@vt.edu)
Mon Oct 16 10:03:07 2000
Message-Id: <200010161359.e9GDxkV25592@black-ice.cc.vt.edu>
X-Mailer: exmh version 2.2 06/23/2000 with nmh-1.0.4+dev
To: "Ravikant K.Rao" <ravi@symonds.net>
Cc: cfs-users@research.att.com
Subject: Re: using cfs with /home
In-Reply-To: Your message of "Mon, 16 Oct 2000 06:19:07 PDT."
<20001016061907.B23833@symonds.net>
From: Valdis.Kletnieks@vt.edu
X-Url: http://black-ice.cc.vt.edu/~valdis/
References: <20001016061907.B23833@symonds.net>
Date: Mon, 16 Oct 2000 09:59:46 -0400

On Mon, 16 Oct 2000 06:19:07 PDT, "Ravikant K.Rao" <ravi@symonds.net> said:

> I was wondering if anyone had custom scripts built to work along
> with CFS so that the /home directory is maintained encrypted and the
> encryption/decryption process is done transparently so that normal users
> logging into the machine do not really know that crypt is working in the
> background, while system level security is maintained? I'd appreciate any
> pointers/links/suggestions/comments on this idea.

A noble goal, except that to make that work, you have to solve several
issues:

1) You have to get 'cattach' run to get the home directory in place. This can
be interesting, as many shells will check for the existence of $HOME very
early on, and give the infamous "No home directory - logging in with HOME=/"
message.

2) For a multi-user machine, you probably want to look at the interaction
between automounter, cfs, nfs, and the various file system caches (inodes,
data blocks, directories, etc). You might want to think about the impact
of somebody doing a 'make emacs' into a cfs filesystem (ouch ;)

3) You may want to consider whether your security issues require that
everything in $HOME be encrypted. You're taking a pretty heavy hit for
both performance and sysadmin issues, when quite likely only SOME of
the data needs encrypting. If your security needs are THAT high, you
need to be doing a complete system audit for a lot of really tough-to-fix
issues. For instance, it is well known that CFS is not very secure at all
against sniffer attacks on the loopback device....

4) Passphrase management becomes an issue - since their entire $HOME is
being protected with *one* passphrase, they need to pick a *really good*
one. Remember that English has only about 1.8 to 2.5 bits of entropy per
character, which means that you need an 80-character passphrase to get
the *effective* of 40-bit crypto. And remember that 40 bits is considered
*weak* for even a session key (a la HTTPS/SSL).

This last point is especially important when you consider that you're
doing this to the users, not giving them an option to do it...

--
Valdis Kletnieks
Operating Systems Analyst
Virginia Tech
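
Added example (not part of the original message and not CFS project code): a login-wrapper sketch for issue 1 above, which runs cattach and points $HOME at the cleartext view only after the attach succeeds, so the real shell never starts with a missing home directory. The /home/.cfs store path, the CATTACH and REAL_SHELL override variables and the --login switch are assumptions made for illustration; /crypt is the usual CFS mount point.

```shell
#!/bin/sh
# Added example: attach a user's CFS directory before the real shell starts.
CFS_ROOT="${CFS_ROOT:-/crypt}"         # where cfsd exposes cleartext views
CFS_STORE="${CFS_STORE:-/home/.cfs}"   # hypothetical location of the ciphertext dirs
CATTACH="${CATTACH:-cattach}"          # overridable so the logic runs without cfsd
MAX_TRIES=3

# attach_home USER: print the cleartext path on success.
# Returns 2 if the user has no encrypted directory, 1 if the attach keeps failing.
attach_home() {
    user=$1
    clear="$CFS_ROOT/$user"
    # A second login session finds the directory already attached.
    if [ -d "$clear" ]; then
        printf '%s\n' "$clear"
        return 0
    fi
    [ -d "$CFS_STORE/$user" ] || return 2
    tries=0
    while [ "$tries" -lt "$MAX_TRIES" ]; do
        # cattach asks for the passphrase itself; usage is: cattach directory name
        if "$CATTACH" "$CFS_STORE/$user" "$user" && [ -d "$clear" ]; then
            printf '%s\n' "$clear"
            return 0
        fi
        tries=$((tries + 1))
    done
    return 1
}

# Installed as the login shell: fail closed instead of falling back to HOME=/.
login_main() {
    user=$(id -un)
    if home=$(attach_home "$user"); then
        HOME=$home
        export HOME
        cd "$HOME" || exit 1
        exec "${REAL_SHELL:-/bin/sh}"
    fi
    echo "CFS attach failed; refusing login" >&2
    exit 1
}

if [ "${1:-}" = "--login" ]; then
    login_main
fi
```

The wrapper only addresses the $HOME ordering problem; the caching, performance and passphrase-strength issues in points 2 to 4 still apply.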