[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Opiated file systems



> But, on the other hand, it wouldn't be to hard to have the user set both
> keys (yeah, so that didn't actually say anything, so what...), and then do
> an every-other-byte type thing (although that would be slow... every other
> block would be more efficient), and have 2 EFS's in one file, and make it
> so that on the "duress" one the extra space appears to be "free".
> One could make it a real file system, and add a fake disk error to prevent
> over-writing of the "non-duress" filesystem.

This sounds a lot like security through obscurity... What happens when 
someone reverse-engineers the software and sees that it's carefully 
skipping over blocks?

If you don't want people to know about your encrypted data, use stego. 
Even if They find the stego software, you can always produce the keys to
unlock the duress data from two or three .gif files, and say "that's all
there is." 

Use stego to hide data. Use encrypted filesystems for convenience. If you
try to put the two together, you'll probably end up with feature-bloat.


The idea of an encrypted filesystems being accessable over the internet 
sounds interesting, though. Sort of a cross between NFS and CFS. Would be 
great for backup purposes.


=====================================================================
| Steve Reid - SysAdmin & Pres, EDM Web (http://www.edmweb.com/)    |
| Email: [email protected]   Home Page: http://www.edmweb.com/steve/ |
| PGP (2048/9F317269) Fingerprint: 11C89D1CD67287E68C09EC52443F8830 |
|          -- Disclaimer: JMHO, YMMV, TANSTAAFL, IANAL. --          |
===================================================================:)