On Fri, 9 Jun 2006 01:24:24 -0700 (PDT), Phil H <philtickle200@xxxxxxxxx> said: > Interesting discussion. > By not tamperproof, I imagine you are referring to the type of attacks > where an attacker does something to the first portions of ciphertext > in order to trick the user into revealing their password? Well, for one thing, once the filesystem is mounted, an attacker can still mess with your files. > I can't help wondering if it shouldn't be possible to hash the entired > encrypted device and seperately gpg encrypt that hashfile in order to > subsequently detect whether or not the ciphertext on the device had > been tampered with? Yes, it should be entirely possible. Although you probably want to gpg sign it instead of gpg encrypt it. But the downside is that you need to read the entire disk to check if it's been tampered with. I guess it all depends on your level of paranoia, and how much you're willing to put up with in the name of security. -- Hubert Chan - email & Jabber: hubert@xxxxxxxxx - http://www.uhoreg.ca/ PGP/GnuPG key: 1024D/124B61FA (Key available at wwwkeys.pgp.net) Fingerprint: 96C5 012F 5F74 A5F7 1FF7 5291 AF29 C719 124B 61FA - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/
