[1797] in bugtraq
Re: password backdoors
daemon@ATHENA.MIT.EDU (Mark Joseph Crosbie)
Thu May 11 21:40:33 1995
To: "Lee J. Silverman" <lee@netspace.org>
Cc: bugtraq@fc.net
In-Reply-To: Your message of "Thu, 11 May 1995 18:34:07 -0400."
<Pine.LNX.3.91.950511182807.22707G-100000@netspace.org>
Date: Thu, 11 May 1995 19:26:16 -0500
From: mcrosbie@cs.purdue.edu (Mark Joseph Crosbie)
In message <Pine.LNX.3.91.950511182807.22707G-100000@netspace.org>, "Lee J. Sil
verman" writes:
> I seem to remember that someone (who probably reads this list so
>I'll feel terrible if I screw this up, but I think his name is Matt Blaze
>and I *think* he works for AT&T) wrote a secure filesystem that uses NFS
>on the local machine to interact with an encrypted filesystem. I do not
Matt's paper onc CFS is available on the COAST archive at:
ftp://coast.cs.purdue.edu/pub/doc/cryptography/Crypto-File-System.ps.Z
> As you can tell, my information is sketchy. I'm sure someone with
>more information will post and tell us where we can learn more.
Here is the Abstract for the paper:
Although cryptographic techniques are playing an increasingly
important role in modern computing system security, user-level tools
for encrypting file data are cumbersome and suffer from a number of
inherent vulnerabilities. The Cryptographic File System (CFS) pushes
encryption services into the file system itself. CFS supports secure
storage at the system level through a standard Unix file system
interface to encrypted files. Users associate a cryptographic key with
the directories they wish to protect. Files in these directories (as
well as their pathname components) are transparently encrypted and
decrypted with the specified key without further user intervention;
cleartext is never stored on a disk or sent to a remote file
server. CFS can use any available file system for its underlying
storage without modification, including remote file servers such as
NFS. System management functions, such as file backup, work in a
normal manner and without knowledge of the key . This paper describes
the design and implementation of CFS under Unix. Encryption
techniques for file system-level encryption are described, and general
issues of cryptographic system interfaces to support routine secure
computing are discussed.
Regards,
Mark.
----------------------------------------------------------------------
Mark Crosbie mcrosbie@cs.purdue.edu
COAST Archive Maintainer security-archive@cs.purdue.edu
COAST Group Tel: (317) 494-9313
Dept. of Computer Sciences Fax: (317) 494-0739
1398 Computer Sciences Building, Purdue University
West Lafayette, IN 47907-1398, USA
URL: http://www.cs.purdue.edu/people/mcrosbie (PGP key available here)
