Musings about on-disk encryption in Fedora Core
Nils Philippsen
nphilipp at redhat.com
Tue Jul 6 15:04:59 UTC 2004
On Tue, 2004-07-06 at 16:54, mike at flyn.org wrote:
> I would also argue that if I have access to your account than I eventually
> have access to your PGP keys. I can install something in .bash_profile and I
> can read your process memory, right?
>
> I suppose that one could argue that all these passphrases and passwords are a
> defense in depth technique, but here is a fundamental problem: your system
> authentication token says to the system "this is me" and if that is not the
> case then all else is eventually doomed.
Well:
- Because you mentioned it: having my PGP keys on a USB stick that I
carry around with me, an attacker is at least forced to try to read my
memory or install a key logger, mere mailing home .gnupg/secring.pgp
from .bashrc won't work. I know that this is not 100% secure (what is?),
but it's a reasonably high hurdle.
- Having login and secret storage authentication tokens separate allows
me at least to tell the system "this is me and I want this accessible
now". It's the same with not logging in as root, but using su when you
need sufficient privileges ;-).
Nils
--
Nils Philippsen / Red Hat / nphilipp at redhat.com
"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety." -- B. Franklin, 1759
PGP fingerprint: C4A8 9474 5C4C ADE3 2B8F 656D 47D8 9B65 6951 3011
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.fedoraproject.org/pipermail/devel/attachments/20040706/dcdb713a/attachment-0002.bin
More information about the devel
mailing list