[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: removal/truncation of cryptofile too easy
On Thu, 2002-11-28 at 12:52, Skyscraper System Administrator wrote:
> What I was wondering though.
> I can change attributes of files on the crypto filesystem (i.e. 'within'
> cryptofile) with 'chattr'. However, when the filesystem is unmounted
> and detached, I can just with a few keypresses remove or truncate the
> cryptofile, attributes or no attributes.
not if the loopimage is only accessible by root (or some other account
you regard as being privileged wrt to that loopimage); then you'd have
to acquire root accesss;
but keep in mind, encryption is only meant to keep people from
decrypting your data, not for keeping them from damaging/modifying it;
if you need protection against unnoticed modification (-> data
integrity) you'll have to use signatures; and I've you want to keep them
from damaging data, you need proper authorization schemes
regards,
--
Herbert Valerio Riedel / Phone: (EUROPE) +43-1-58801-18840
Email: hvr@hvrlab.org / Finger hvr@gnu.org for GnuPG Public Key
GnuPG Key Fingerprint: 7BB9 2D6C D485 CE64 4748 5F65 4981 E064 883F 4142
-
Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/