Re: rootkit and 10 minutes ?

Jean-Luc Cooke wrote:

>You're trying to make water not wet.  You're trying to make software secure
>when running on a system you claim to have been compromised.  This is a
>losing proposition.
>

No, you're missing the point.  I'm trying to secure, for example, a 
laptop that might get stolen.  I'm trying to make the data on said 
laptop useless to anyone who gets the laptop but not my key (until they 
crack it).  In other words, I'm working with reality ...

>If you want to have a system that is secure regardless if your box has been
>trojaned or compromised in any other way, then you need a hardware crypto
>token.  There's no other way around this.
>

I already said that I want an external USB-style key system to actually 
do either the storage of the key or the crypto work; that was in my 
first message.

>That being said, it's best to make the system faster, easier, simpler or all
>of the above if we agree you can't trust software in your server room.
>

This doesn't sound like you feel like dealing with what I said; you've 
in fact given no reason why the crypto or keying should be in the kernel 
as you proposed.  My first response quite simply said that it's better 
off in user space and that you gain nothing by having it in kernel 
space.  My second response gave reasons why this is so and offered an 
'ultimate' solution which would also reside in user space (but not 
related to my first response which revolved around loop devices).

-- 
Michael T. Babcock
C.T.O., FibreSpeed Ltd.
http://www.fibrespeed.net/~mbabcock


-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/

