Ralf Ronneburger wrote:
> Martin Konold wrote:
>> As soon as a 3rd party has either root or physical access to your linux machine this party will be able to gain access to all volumes which are currently in use. E.g. it is trivial as user root to obtain all access permissions of any user on the system.
> That is not true for encrypted disks as long as I don't enter the key (and the one who gained root-access has a keylogger installed). The data should be safe at least until then. Otherwise encryption would be senseless - you can get root on every machine with a boot-CD in minutes.

Encryption *is* senseless for anything but a mobile device like a laptop or a PDA.

"If you think that encryption will solve your security problems, then you understand neither encryption nor security." -- attributed to several different people.

Encryption is a technique for requiring a key to be able to transform cypher text into plain text. In terms of access control on a computer, what it does is change the access control problem into the *key* access control problem. Every program and user who needs access to the data will need the key. Before encryption, the attacker only had to obtain the privileges of these programs and users. After encryption, the attacker *still* only has to obtain the privileges of these programs and users, and then steal their keys.

The one case where storage encryption makes sense is for mobile devices like laptops and PDAs. This is because you can put the key on a memory stick or such device and keep it in your pocket, *separate* from the device. You plug the key into the computer when you want to access the data, and use applications that keep the key in memory and *very* carefully avoid ever letting it page to disk.

If you try this on a server, you end up with a Hobson's Choice:

* If you store the key on the server, you get zero security value from encryption as the attacker can now steal the key and the data instead of just stealing the data.
* If you do *not* keep the key on the server, then some human has to go down town and physically insert the key every time there is a crash or a power outage. You likely significantly degrade your service availability as a result.

No, I'm not kidding: encryption is useless for data access control, don't bother with it, except in the personal context where the key and the data can be separated without compromising availability.

Crispin

--
Crispin Cowan, Ph.D.
http://crispincowan.com/~crispin/
Director of Software Engineering http://novell.com
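
The message above mentions applications that keep the key in memory and avoid letting it page to disk. The following is an added example, not part of the original message or of any project it names, showing one way to do that on Linux/POSIX with `mlock()`. The `keybuf` type and the `keybuf_*` function names are hypothetical, and the key bytes are a constructed stand-in.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* MAP_ANONYMOUS, madvise() */
#endif
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

typedef struct { unsigned char *p; size_t len, map_len; } keybuf;

/* Map whole pages for the key and pin them in RAM. Fails closed: if the
 * pages cannot be locked, no buffer is handed out. Returns 0 or -1. */
int keybuf_open(keybuf *kb, size_t len) {
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    size_t map_len = (len + page - 1) / page * page;
    kb->p = NULL; kb->len = kb->map_len = 0;
    if (len == 0) return -1;
    void *m = mmap(NULL, map_len, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (m == MAP_FAILED) return -1;
    if (mlock(m, map_len) != 0) { munmap(m, map_len); return -1; }
#ifdef MADV_DONTDUMP
    (void)madvise(m, map_len, MADV_DONTDUMP);  /* keep it out of core dumps */
#endif
    kb->p = m; kb->len = len; kb->map_len = map_len;
    return 0;
}

/* Zero the key through a volatile pointer so the stores are not optimised away. */
void keybuf_wipe(keybuf *kb) {
    volatile unsigned char *v = kb->p;
    for (size_t i = 0; i < kb->len; i++) v[i] = 0;
}

/* Wipe, unlock and unmap. Returns 0 on success, -1 on error or if not open. */
int keybuf_close(keybuf *kb) {
    if (kb->p == NULL) return -1;
    keybuf_wipe(kb);
    int rc = munlock(kb->p, kb->map_len) | munmap(kb->p, kb->map_len);
    kb->p = NULL; kb->len = kb->map_len = 0;
    return rc ? -1 : 0;
}

int main(void) {
    keybuf kb;
    if (keybuf_open(&kb, 32) != 0) { perror("cannot lock key memory"); return 1; }
    memset(kb.p, 0xA5, kb.len);   /* constructed stand-in for the key read from the token */
    /* ... decrypt with kb.p here, never copying it to unlocked memory ... */
    return keybuf_close(&kb) == 0 ? 0 : 1;
}
```

Locked pages are kept out of swap, but suspend-to-disk still writes all of RAM to storage, and any copy of the key made outside the locked buffer (stack temporaries, library-internal state) is not covered.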