Humm... arguments start like this.

On Tue, Oct 29, 2002 at 05:40:14PM -0500, Michael T. Babcock wrote:
> > You're trying to make water not wet. You're trying to make software secure
> > when running on a system you claim to have been compromised. This is a
> > losing proposition.
>
> No, you're missing the point. I'm trying to secure, for example, a
> laptop that might get stolen. I'm trying to make the data on said
> laptop useless to anyone who gets the laptop but not my key (until they
> crack it). In other words, I'm working with reality ...

So we're after the same goal, good.

> > If you want to have a system that is secure regardless if your box has been
> > trojaned or compromised in any other way, then you need a hardware crypto
> > token. There's no other way around this.
>
> I already said that I want an external USB-style key system to actually
> do either the storage of the key or the crypto work; that was in my
> first message.

Your first message was not clear to me.

> > That being said, it's best to make the system faster, easier, simpler or all
> > of the above if we agree you can't trust software in your server room.
>
> This doesn't sound like you feel like dealing with what I said; you've
> in fact given no reason why the crypto or keying should be in the kernel
> as you proposed. My first response quite simply said that it's better
> off in user space and that you gain nothing by having it in kernel
> space. My second response gave reasons why this is so and offered an
> 'ultimate' solution which would also reside in user space (but not
> related to my first response which revolved around loop devices).

Gain nothing in kernel space? What's your argument for userspace then, because I fail to see any value to it. Seems this is an Endian issue (as in Gulliver, not Intel/Motorola). So I'd be inclined to not change anything if there is no clear advantage.
My interpretation of your second reply to me was that you assumed the laptop was stolen and you want to gain access. Which is very different from getting your laptop stolen and trying to protect data. This is where I think you overlooked the subtle difference in requirements:

1) You need to securely recover data from a possibly compromised machine.
2) You only require data to remain inaccessible in the event of compromise.

#2 is a subset of the requirements in #1. To comply with #2, the USB based system will work great, kernel-space or not. #1 can only be done reliably in hardware; if the machine was rooted in kernel-space, user-space or ld.so then you're hosed.

JLC

--
http://www.certainkey.com
Suite 4560 CTTC
1125 Colonel By Dr.
Ottawa ON, K1S 5B6
C: 613.263.2983

-
Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/