[75] in The Cryptographic File System users list
Re: Keyfile
daemon@ATHENA.MIT.EDU (Matt Blaze)
Mon Apr 27 21:58:07 1998
From owner-cfs-users@research.att.com Tue Apr 28 01:58:06 1998
Return-Path: <owner-cfs-users@research.att.com>
Delivered-To: cfs-mtg@bloom-picayune.mit.edu
Received: (qmail 16945 invoked from network); 28 Apr 1998 01:58:05 -0000
Received: from unknown (HELO rumor.research.att.com) (192.20.225.9)
by bloom-picayune.mit.edu with SMTP; 28 Apr 1998 01:58:05 -0000
Received: from research.att.com ([135.207.30.100]) by rumor; Mon Apr 27 21:53:40 EDT 1998
Received: from amontillado.research.att.com ([135.207.24.32]) by research-clone; Mon Apr 27 21:55:10 EDT 1998
Received: from nsa.research.att.com (majordomo@nsa.research.att.com [135.207.24.155])
by amontillado.research.att.com (8.8.7/8.8.7) with ESMTP id VAA00234;
Mon, 27 Apr 1998 21:55:07 -0400 (EDT)
Received: (from majordomo@localhost) by nsa.research.att.com (8.7.3/8.7.3) id VAA11974 for cfs-users-list; Mon, 27 Apr 1998 21:52:47 -0400 (EDT)
Received: from research.att.com (research.research.att.com [135.205.32.20]) by nsa.research.att.com (8.7.3/8.7.3) with SMTP id VAA11969 for <cfs-users@nsa.research.att.com>; Mon, 27 Apr 1998 21:52:44 -0400 (EDT)
Received: from fbi ([135.205.51.3]) by research; Mon Apr 27 21:54:46 EDT 1998
Received: from fbi (mab@localhost)
by fbi (8.8.5/8.8.5) with ESMTP id VAA13970;
Mon, 27 Apr 1998 21:53:33 -0400 (EDT)
Message-Id: <199804280153.VAA13970@fbi>
X-Authentication-Warning: fbi: mab owned process doing -bs
X-Mailer: exmh version 1.6.9 8/22/96
To: John R MacMillan <john@interlog.com>
cc: cfs-users@research.att.com
Subject: Re: Keyfile
In-reply-to: Your message of "Mon, 27 Apr 1998 12:12:14 EDT."
<13220.893693534@algorithmics.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Mon, 27 Apr 1998 21:53:25 -0400
From: Matt Blaze <mab@research.att.com>
Sender: owner-cfs-users@research.att.com
Precedence: bulk
Check out the "cmkkey" command included in the latest release.
It allows you to make a private copy of a cfs key file, which you
could have on some removable media like a floppy-based filesystem.
You'd once you have the private key file, you could change the
passphrase on the "original" directory to something with very high
entropy. If you're brave, you could even remove the ..k file in the
root of the encrypted directory.
-matt
> I was reading the documentation for a DOS encrypted filesystem
> product, and it had a feature I found interesting, and wondered if it
> would make sense in CFS. Disclaimer: I am by no means a crypto
> expert so I don't really know if this is a good idea or not.
>
> The command to mount the encrypted drive (the cattach equivalent)
> could be given a keyfile to get some (fixed, I think) number of bits
> of passphrase out of. I couldn't tell whether this was in lieu of a
> typed passphrase or in addition to, but it sounded like it could be
> either. I presume if you used both, the final passphrase was the XOR
> of the keyfile plus the typed passphrase.
>
> This would allow fairly easy construction of a physical key, by
> making a floppy disk with the keyfile, for example. In conjunction
> with a typed passphrase, it would seem to me to allow for a stronger
> final passphrase, since the one on diskette would not have to be
> memorable.
>
> Another advantage the documentation claimed is that if you told it to
> look for a keyfile, but it was not found, it would issue a warning
> but proceed to ask for a passphrase anyway and just use that. This
> was said to be defense against rubber hose crypto, since you could
> claim you lost/destroyed the keyfile and make up a bogus passphrase
> that wouldn't work without the keyfile. (Obviously, this would only
> work against a `soft' rubber hose. :-) )
>
> Any comments?
