Re: Automatic encryption of stored messages

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 27/04/10 10:40 -0400, Mikhail T. wrote:
Is there a way to encrypt all of the Cyrus' user-specific files on the disk? So that somebody breaking in -- or stealing the server -- has no access to the messages (and other data) unless a user's password is also available?

Interesting question! info-cyrus list is probably more appropriate for
this question.

   * A somewhat secret "salt" and the location of a (memory-backed)
     cyrus-only directory, such as /tmp/cyruspw, are set in a config-file.
   * A user logs in using a pam-module, which creates a symlink such as
     /tmp/cyruspw//user/ -> somehash(/salt/+/password+user/).

The PAM requirement would force the use of saslauthd, and plaintext only
authentication mechanisms, which potentially degrades the over-the-wire
security between the client and server.

I think, this ensures reasonable protection for the stored messages without any cooperation from the MUA -- a stolen server (or a decommissioned hard-drive) will not reveal user's e-mails. Also, each user is assured, that their old emails are not accessible to anyone, /when he isn't accessing them himself/.

This may be possible to do right now -- without changing the Cyrus' code at all -- by using encrypted filesystems. Unfortunately, it means, each user's files would have to reside on their own filesystem... The proposed mechanism would provide a better way without /too much/ trouble. What do you think?

Another opt-in approach would be for users to encrypt all private messages
within the MUA using PGP/GPG.

--
Dan White

[Index of Archives]     [Info Cyrus]     [Squirrel Mail]     [Linux Media]     [Yosemite News]     [gtk]     [KDE]     [Gimp on Windows]     [Steve's Art]

  Powered by Linux