Paul L. Snyder on Sat, 22 Dec 2001 06:00:21 +0100
On Fri, 21 Dec 2001, paul@dpagin.net wrote:

> > Not "someone", the administrator. It makes sense to me: the purpose is
> > to keep *other users* from accessing your files. This may be a bad

If I'm recalling correctly, it isn't necessarily the local Administrator account on the W2K box; rather, it's an arbitrary "Designated Recovery Agent" or some such. With a workstation that's a member of a domain, you'd want to designate a domain user as the recovery agent.

Let's see if I remember how this works. For each file to be encrypted:

1) W2K generates a random file encryption key (FEK).

2) W2K encrypts the file using a (fast) symmetric crypto algorithm (DESX), keyed with the FEK.

3) W2K encrypts the FEK using a (slow) public-key cipher (RSA), with the user's public key. This encrypted FEK is then attached to the file.

4) If the security policy on the machine is configured to do so, the FEK is then encrypted using the public key of each recovery agent in turn, and these encrypted keys are also attached to the file.

> What I was thinking is that the administrator account could be
> compromised, opening up even "encrypted" files to a cracker. I had used
> a special Linux boot disk to change administrator passwords on a bunch
> of NT Workstations (for non-evil purposes). There goes the encryption.

In the above domain situation, the recovery agents' private keys are not stored locally. On the other hand, YOUR private key is stored on the hard drive, so if you were going to try to crack this, that wouldn't be a bad place to start. Microsoft's solution to this is to have you store your key off the hard drive, on a smart card.

> I guess the EFS system is good for certain purposes.

The idea, I suppose, is that the encryption works completely transparently - you don't have to train your users (until they copy a file to a FAT-formatted floppy, perhaps?) - everything works in accordance with the configured security policies. In addition, your nervous enterprise bigwigs have access to the encrypted data, if necessary - and once you hit a certain mass of employees, it does seem to be considered necessary.

The (100k-user) company for which I work has been fairly underwhelmed by EFS, so far. It'll probably get rolled out with XP (which also fixes the problem where you can't both encrypt and compress files), but the general consensus seems to be that it's not really security to be trusted, at this stage.

Okay, back to Linux. Check out:

rubberhose [ http://www.rubberhose.org/ ] - Multiple levels of hidden encryption. The idea is that you can never prove that you've given up all your passphrases, and the folks physically coercing you can never prove that you really have more information in there, somewhere. Fun!

StegFS [ http://www.mcdonald.org.uk/StegFS/ ] - Another plausible deniability solution (doesn't work with 2.4 kernels yet, though). The Steganographic File System, which hides data in unused sectors. As the author observes, though, "Using StegFS is a much harder task than writing it in the first place."

pls
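The four-step key-wrapping scheme described in the message above, as an added example that is not part of the original post and is not Microsoft's code. It assumes textbook RSA over small known Mersenne primes and a SHA-256 keystream standing in for DESX; the names "alice" and "recovery-agent" and all helper functions are hypothetical, and the sample data is constructed.

```python
import hashlib
import secrets

E = 65537  # common RSA public exponent

def make_keypair(p, q):
    """Textbook RSA from two primes; returns (public, private)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))

def keystream_xor(key, data):
    """Stand-in bulk cipher (SHA-256 counter keystream), not DESX."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[off:off + 32], pad))
    return bytes(out)

def efs_encrypt(plaintext, user, user_pub, recovery_agents):
    fek = secrets.token_bytes(16)                        # step 1: random FEK
    body = keystream_xor(fek, plaintext)                 # step 2: bulk encryption
    m = int.from_bytes(fek, "big")
    wrapped = {user: pow(m, user_pub[1], user_pub[0])}   # step 3: wrap for user
    for name, (n, e) in recovery_agents.items():         # step 4: wrap per agent
        wrapped[name] = pow(m, e, n)
    return {"body": body, "wrapped_feks": wrapped}

def efs_decrypt(blob, name, priv):
    """Unwrap this principal's copy of the FEK, then decrypt the body."""
    n, d = priv
    fek = pow(blob["wrapped_feks"][name], d, n).to_bytes(16, "big")
    return keystream_xor(fek, blob["body"])

def who_can_decrypt(blob):
    """Audit view: every principal holding a wrapped FEK for this file."""
    return sorted(blob["wrapped_feks"])

# Constructed demo keys from known Mersenne primes (far too small for real use).
USER_PUB, USER_PRIV = make_keypair(2**89 - 1, 2**107 - 1)
AGENT_PUB, AGENT_PRIV = make_keypair(2**61 - 1, 2**127 - 1)
SAMPLE = b"constructed sample file contents, longer than one keystream block"
BLOB = efs_encrypt(SAMPLE, "alice", USER_PUB, {"recovery-agent": AGENT_PUB})

if __name__ == "__main__":
    print(who_can_decrypt(BLOB))
    print(efs_decrypt(BLOB, "recovery-agent", AGENT_PRIV))
```

The file body is encrypted once; access is governed entirely by which private keys can unwrap a copy of the FEK, which is why the storage location of each private key matters more than any account password.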