Re: need some feedback please

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, 9 Jun 2006 01:24:24 -0700 (PDT), Phil H <philtickle200@xxxxxxxxx> said:

> Interesting discussion.

> By not tamperproof, I imagine you are referring to the type of attacks
> where an attacker does something to the first portions of ciphertext
> in order to trick the user into revealing their password?

Well, for one thing, once the filesystem is mounted, an attacker can
still mess with your files.

> I can't help wondering if it shouldn't be possible to hash the entired
> encrypted device and seperately gpg encrypt that hashfile in order to
> subsequently detect whether or not the ciphertext on the device had
> been tampered with?

Yes, it should be entirely possible.  Although you probably want to gpg
sign it instead of gpg encrypt it.  But the downside is that you need to
read the entire disk to check if it's been tampered with.  I guess it
all depends on your level of paranoia, and how much you're willing to
put up with in the name of security.

-- 
Hubert Chan - email & Jabber: hubert@xxxxxxxxx - http://www.uhoreg.ca/
PGP/GnuPG key: 1024D/124B61FA   (Key available at wwwkeys.pgp.net)
Fingerprint: 96C5 012F 5F74 A5F7 1FF7  5291 AF29 C719 124B 61FA


-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/


[Index of Archives]     [Kernel]     [Linux Crypto]     [Gnu Crypto]     [Gnu Classpath]     [Netfilter]     [Bugtraq]
  Powered by Linux