Re: Auto-unmounting secure partitions
>>>> I've got an encrypted partition set up under /secure. I'd like the
>>>> partition to be unmounted after no one's used it for, say, 30 minutes.
[...]
>>> Of course you have to already have run losetup. "crypt" will be a
>>> dir in /misc but anyone not having permissions won't even be able to
>>> see any dir there.
[...]
>> I don't get this. If you've already provided an encryption key to
>> losetup, isn't the filesystem as good as mounted? It seems to me that
>> at that point encryption is no more secure than filesystem permissions.
>> What are you using encryption to protect against? What is the point
>> of using encryption if the filesystem is always unlocked and sitting
>> in /dev/loop (even if only root has access)?
> Simply that it's invisible unless in use. But there isn't any security in
> any other method of auto mounting/unmounting either. If you have a script
> providing the passwd to losetup, where's the security?
> As far as I'm concerned, you don't have any security unless you're using a
> long passphrase contained on a USB or PCMCIA drive which you keep in your
> pocket, and which runs a script to losetup and mount the encrypted partition,
> then unmounts it when the USB device is removed.
Again, I think a properly designed system can easily be more secure.
As I mentioned, pam_mount can mount encrypted filesystems when a user logs
in and unmount them when a user logs out using the login authentication.
Assuming a good authentication technique (i.e., a physical token containing
a maximum-entropy 256-bit key or maybe a good, long passphrase) and
carefully audited software, this architecture can be made pretty secure.
As I mentioned before, unmounting and mounting could easily be tied to
XScreenSaver for increased protection.
--
Mike
:wq
-
Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/