If I understand you correctly, you need a system where you have normal unix permissions for daily usage, to allow you and others legitimate access, and some sort of cryptography for when the system is down or the files are archived. For this the crypto filesystem in 7.2/7.3 would seem perfect. When the file system is mounted you have to give a password. If you don't know the password, all you're able to see is the name of the filesystem (e.g. /home) and I don't think any hacker could make use of that information. No filenames at all would be visible. When the system is mounted with the proper password, you can work with it just as you would any normal unix system. You as a user won't notice a difference, except perhaps that it would be a trifle slower, since it would go through an extra kernel decryption layer. If the system is trespassed (someone finds the password) the whole thing is compromised, but then again what system isn't. Good secure passwords are a cornerstone of most security systems. Also note that if this is regulated by federal law, there are probably federal regulations on what type of protection you need to have. I don't know if suse's system is certified to be used in such circumstances. If you should get any legal advice on this, please let us know. It would be useful information to have. regards Anders On Saturday 03 November 2001 21.31, jfweber@eternal.net wrote:
**** imagine; all of everything that is or was, can be reduced to an equation less than one inch long ! ***
okay, here's the question ... I've been reading the books included w/ the "pro" versions of Suse7.0-7.3 , but I am still unclear about how it works , for instance it claims to hide all your data on a laptop , so if it's "lost, strayed or the other thing " the person who relocates it wont even know there is anything there... The problem I have it , I have to find a way to protect files which are mandated by federal law to be kept most secret, and only ever transmitted w/ the express permission of the person they represent. ( gee, I hope that is deciferable enough, while letting you guys know it's a major big deal w/ federal penalties attached, but surprisingly does NOT concern government secrets ... ) There are two problems w/ say packing them into a nice archive and then making certain only one person has permission to open , read , or write to them... the first is, they may be required several times during a single day , and would need to be easy to access for the fileowner , and they are sometimes required by more than one person in the office for perfectly legal and permissable use ... So they can't just be bundled into an archive.. and there are sure to be several different files each day.. and archives , made easy enough to recognise ( we may be talking about 1000's or records here, sometimes many thousands ) the archive names would give the game away .. and it seems to me that a clever , shall we say "hunter" or "seaker" would know just where to go in the system, should they find a way to tresspass it.
So my solution to be practicle ( no good dreaming up a really secure setup if no one uses it!) was to have included this crypt file system for the ultimate storage , and perhaps some variant for the things needed more daily ... or perhaps up to some time in the more recent past, would have had some sort of archival storage which would keep casual browsers from noticing ( after all there are what seem like thousands of SuSE's files, for the document server and such, that are stored on one of the boxen here as archived files ... and these might be given some sort of a numbering system instead of names of the records , perhaps?
Any help or locations to search , specific to a suse distro would be most helpful ... I have, as I said , read the most obvious ones .. man pages and so on .... TIA