[94] in The Cryptographic File System users list
Re: /crypt security
daemon@ATHENA.MIT.EDU (Stephen D. Williams)
Mon Aug 17 15:57:32 1998
From owner-cfs-users@research.att.com Mon Aug 17 19:57:32 1998
Return-Path: <owner-cfs-users@research.att.com>
Delivered-To: cfs-mtg@bloom-picayune.mit.edu
Received: (qmail 10262 invoked from network); 17 Aug 1998 19:57:31 -0000
Received: from unknown (HELO rumor.research.att.com) (192.20.225.9)
by bloom-picayune.mit.edu with SMTP; 17 Aug 1998 19:57:31 -0000
Received: from research.att.com ([135.207.30.100]) by rumor; Mon Aug 17 15:50:23 EDT 1998
Received: from amontillado.research.att.com ([135.207.24.32]) by research; Mon Aug 17 15:53:17 EDT 1998
Received: from nsa.research.att.com (majordomo@nsa.research.att.com [135.207.24.155])
by amontillado.research.att.com (8.8.7/8.8.7) with ESMTP id PAA10514;
Mon, 17 Aug 1998 15:53:42 -0400 (EDT)
Received: (from majordomo@localhost) by nsa.research.att.com (8.7.3/8.7.3) id PAA02384 for cfs-users-list; Mon, 17 Aug 1998 15:48:18 -0400 (EDT)
X-Authentication-Warning: nsa.research.att.com: majordomo set sender to owner-cfs-users@nsa.research.att.com using -f
Received: from research.att.com (research.research.att.com [135.207.30.100]) by nsa.research.att.com (8.7.3/8.7.3) with SMTP id PAA02380 for <cfs-users@nsa.research.att.com>; Mon, 17 Aug 1998 15:48:16 -0400 (EDT)
Received: from lig.net ([204.248.145.100]) by research; Mon Aug 17 15:52:53 EDT 1998
Received: from iis.com (mg-20425422-142.ricochet.net [204.254.22.142])
by lig.net (8.8.8/8.8.5) with ESMTP id QAA08164;
Mon, 17 Aug 1998 16:03:00 -0400
Message-ID: <35D889DC.DED8FC08@iis.com>
Date: Mon, 17 Aug 1998 15:51:56 -0400
From: "Stephen D. Williams" <Stephen.Williams@iis.com>
Reply-To: sdw@lig.net
Organization: Internet Information Services
X-Mailer: Mozilla 4.5b1 [en] (Win98; I)
X-Accept-Language: en
MIME-Version: 1.0
To: Terje Elde <delta@mail-me.com>
CC: CFS Users <cfs-users@research.att.com>
Subject: Re: /crypt security
References: <Pine.LNX.3.96.980817182423.1070B-100000@gw.milliways.no>
Content-Type: multipart/mixed;
boundary="------------A8A5D03EDF82A05FEAF39718"
Sender: owner-cfs-users@research.att.com
Precedence: bulk
This is a multi-part message in MIME format.
--------------A8A5D03EDF82A05FEAF39718
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Yes, you are definitely missing the point.
The files are not unencrypted in a real directory under /crypt. In fact, they
are not unencrypted at all.
/crypt becomes a virtual filesystem view of the encrypted files allowing
particular data to be decrypted on the fly ONLY when the encrypted data is
attached to the virtual mount point via the passphrase. This means that the
only unencrypted data in a system is what an application gets from a proper
mount of /crypt. As long as the application doesn't save that unencrypted
data in the real filesystem, there is nothing unencrypted to look at after the
CFS daemon has gone away and/or detached an encrypted store.
It's similar to the idea of a compressed file system. You can't uncompress
everything for a session because there isn't anywhere to put it. You
compress/uncompress on the fly. Similar situation, different goal.
sdw
Terje Elde wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi all...
>
> - From what I understand of the documentation (haven't tested it yet) all
> the encrypted files are stored in /crypt, and so are unencrypted files
> while being accessed. Isn't that a huge problem?
> If someone wanted to access my data then the best thing would probably be
> to cut power to my house, then break in. If you cut power then the disk
> would still contain the unencrypted files in /crypt, and when mounted on a
> different computer they would be as readable as root on that computer
> wants, right?
> Or am I missing something here?
>
> Also, the latest version I found was 1.3.3 which is from march '96. Is cfs
> no longer under development?
>
> Terje Elde <delta@mail-me.com>
> - ------------------------------
>
> Do you know where *your* towel is?
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGPfreeware 5.0i for non-commercial use
> Charset: noconv
>
> iQA/AwUBNdhabxi8TE8Sl+8WEQI3XgCgv6OF4oeM46D5JnKE5E7uA9R0zPIAnArD
> n1TCI6e0yFsFxStiGLjQt5Fc
> =GIHn
> -----END PGP SIGNATURE-----
>
>
--
Stephen.Williams@iis.com (Stephen D. Williams) Senior Consultant http://sdw.st
43392 Wayside Cir.,Ashburn, VA 20147-4622; 703-724-0118W 703-995-0407Fax
Internet Information Services, Tech Lead
--------------A8A5D03EDF82A05FEAF39718
Content-Type: text/x-vcard; charset=us-ascii;
name="sdw.vcf"
Content-Transfer-Encoding: 7bit
Content-Description: Card for Stephen D. Williams
Content-Disposition: attachment;
filename="sdw.vcf"
begin:vcard
n:Williams;Stephen
tel;pager:888-768-9779
tel;cell:703-795-8739
tel;fax:703-995-0407
tel;home:703-729-5405
tel;work:703-724-0118
x-mozilla-html:TRUE
org:IIS
adr:;;43392 Wayside Circle;Ashburn;VA;20147-4622;USA
version:2.1
email;internet:Stephen.Williams@iis.com
title:Senior Consultant
fn:Stephen D. Williams
end:vcard
--------------A8A5D03EDF82A05FEAF39718--
