Anonymous (nobody@replay.com)
Sat, 18 Jul 1998 05:04:58 +0200
(another) Anonymous wrote:
>I'd say go ahead and stick in as many cyphers as possible. Put in DES,
>IDEA, 3DES, Twofish, Blowfish, CAST-128, and others. Let the user decide
>how to stack them up. Warn users of cyphers like Twofish that the cypher
>is new. In fact, including descriptions and strength/weakness lists for
>each of the cyphers is probably a good idea.
To reiterate what was said in my much-ridiculed other post (in this
soon-to-be-much-ridiculed post :), it's possible to chain them in a way
that lets the chain be provably as secure as one of the ciphers.
Also, I would take single-DES out of the lineup, or at least put very very
very strong warnings with it.
...
>2) Allow a variety of key schemes. Maybe the user wants to use a keydisk.
>Maybe the user wants to keep the keys in a file on the drive, and then
>keep that file encrypted with a keydisk. Maybe the user wants to keep an
>encrypted keydisk around and require that.
XOR is equally secure (i.e., not knowing one of the keys still leaves the
attacker clueless), but it's mostly a matter of taste, I guess...
Again, optionally having a volume's key stored _only_ in memory (XORed
with a hashed passphrase while you're away?) Would Be Nice -- Very Nice if
it were a cryptodeniable volume.
>
>3) Allow for a "panic key." If the ninjas come through your windows, you
>hit the key and it emergency unmounts the filesystems then starts wiping
>the keys. Make sure this is secure.
I agree, hence my almost-passphraseless-volume option: no sneaky cutting
off the power before the raid to stop you from doing a wipe. Of course,
you have to treat the thing like a RAM disk of yore, and that can be a
real pain in the ass.
Perhaps you could keep the XORed-with-a-hashed-passphrase key on disk only
while the computer is authorizedly shut down, letting you use your power
switch as a "ninja" key. But then, if they see your hard drive while the
key's there, they could try to torture the passphrase out of you, and that
would kind of suck.
Of course, they could do the same with an XORed-with-a-hashed-passphrase
key in memory if they could get you while you're away from the box, except
then your box could get rid of the key after a couple of bad passphrases, and
they'd kill you, or torture you as completion of a threat made
beforehand...but it's still not as bad, I guess, as them getting all the
tries they want at the key.
That was the whiskey talking...
...
>
>5) While you're hacking away, set up a way to securely wipe a disk file
>using data from the user's choice of /dev/urandom or /dev/random.
>(/dev/random is more secure but is much slower.)
I'm not too educated about Linux, but I don't think the random devices are
too well-known for their security. You could use the OFB mode of the
construct used for encryption, keyed in a dead-serious manner, in
/dev/random's place.
>
>6) Write a little console administration utility. The user should be able
>to play with key-disks, mount and unmount filesystems, change keys easily
>(important!), wipe specific encrypted filesystems, etc. This will go a
>long way towards getting more people to use it.
Si!
...
>8) It's really important to protect against software tampering. Your
>security is worthless if somebody can come into your office, pull out your
>drive, replace your utilities with their own versions, put it back, and
>come back later to get your passphrases or pick them up over the net. If
>it's done right, there are so many software backdoors in your system that
>you'll never get them out with anything short of a complete reinstall of
>all your binaries and your OS.
Some BIOSes let software fool them into bypassing the floppy drives in
favor of the hard drive, which could harbor in its boot sector a malicious
ware that made everything look dandy while it snagged and released your
passphrase, then replaced itself with the original startup code, leaving
behind no obvious signs that _you_, friend, _you_ have just been violated.
However, in the absence of a definitely-executed (hardware?) checker
beyond the reach of said malicious ware, there's not much hope of
defending against that kind of attack.
...
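An added example, not code from the post or from any encrypted-filesystem project, of two of the ideas above: holding a volume key only as its XOR with a hashed passphrase and zeroing that share after a few bad passphrases or on a panic key, and using the output-feedback (OFB) construction, keyed from the OS random source, as the wipe stream in place of /dev/random. The names (LockedVolumeKey, wipe_file, CHECK_LABEL), PBKDF2-HMAC-SHA256 as the "hashed passphrase", the three-attempt limit, and HMAC-SHA256 standing in for the block cipher inside OFB (the Python standard library ships no block cipher) are all this example's own assumptions:

```python
import hashlib
import hmac
import os
import tempfile

KEY_LEN = 32                        # volume key size in bytes (assumed)
KDF_ITERATIONS = 100_000
CHECK_LABEL = b"volume-key-check"   # assumed label for the key-verifier MAC


def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def hash_passphrase(passphrase, salt):
    # The post's "hashed passphrase", stretched with PBKDF2-HMAC-SHA256 to KEY_LEN bytes.
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"), salt,
                               KDF_ITERATIONS, dklen=KEY_LEN)


class LockedVolumeKey:
    """Holds share = volume_key XOR H(passphrase), never the key itself.
    Either value alone reveals nothing (XOR with an independent uniform value is a
    one-time pad over the key); after max_attempts wrong passphrases the share is zeroed."""

    def __init__(self, volume_key, passphrase, max_attempts=3):
        self.salt = os.urandom(16)
        self.share = bytearray(xor_bytes(volume_key, hash_passphrase(passphrase, self.salt)))
        # MAC keyed with the volume key: detects a wrong passphrase without storing the key.
        self.verifier = hmac.new(volume_key, CHECK_LABEL, "sha256").digest()
        self.max_attempts = self.attempts_left = max_attempts
        self.wiped = False

    def unlock(self, passphrase):
        # Returns the volume key, or None on a wrong passphrase or a wiped share.
        if self.wiped:
            return None
        candidate = xor_bytes(bytes(self.share), hash_passphrase(passphrase, self.salt))
        tag = hmac.new(candidate, CHECK_LABEL, "sha256").digest()
        if hmac.compare_digest(tag, self.verifier):
            self.attempts_left = self.max_attempts
            return candidate
        self.attempts_left -= 1
        if self.attempts_left <= 0:
            self.panic()
        return None

    def panic(self):
        # The "ninja key": zero the share in place so the key is unrecoverable from here.
        for i in range(len(self.share)):
            self.share[i] = 0
        self.wiped = True


def keyed_block(key, block):
    # Stand-in for the cipher's E_k(): HMAC-SHA256 plays the keyed function here;
    # a real volume would plug its own block cipher in at this point.
    return hmac.new(key, block, "sha256").digest()


def ofb_blocks(key, iv):
    # Output feedback mode: O_0 = IV, O_i = E_k(O_{i-1}); the O_i are the keystream.
    prev = iv
    while True:
        prev = keyed_block(key, prev)
        yield prev


def ofb_keystream(key, iv, nbytes):
    out, blocks = bytearray(), ofb_blocks(key, iv)
    while len(out) < nbytes:
        out += next(blocks)
    return bytes(out[:nbytes])


def wipe_file(path, passes=1, chunk_size=65536):
    """Overwrite path in place with OFB keystream, fresh key and IV per pass; returns bytes written."""
    size = os.path.getsize(path)
    for _ in range(passes):
        # "Keyed in a dead-serious manner": key and IV straight from the OS CSPRNG.
        blocks = ofb_blocks(os.urandom(KEY_LEN), os.urandom(32))
        with open(path, "r+b") as f:
            for offset in range(0, size, chunk_size):
                n = min(chunk_size, size - offset)
                buf = bytearray()
                while len(buf) < n:
                    buf += next(blocks)
                f.write(buf[:n])
            f.flush()
            os.fsync(f.fileno())
    return size * passes


def wipe_demo():
    # Constructed sample: a file of known content, wiped with two passes, then read back.
    path = os.path.join(tempfile.mkdtemp(), "secret.txt")
    original = b"SECRET VOLUME KEY MATERIAL\n" * 300
    with open(path, "wb") as f:
        f.write(original)
    written = wipe_file(path, passes=2)
    with open(path, "rb") as f:
        after = f.read()
    return {"size": len(original), "bytes_written": written,
            "size_unchanged": len(after) == len(original),
            "content_changed": after != original and b"SECRET" not in after}
```

Two caveats a practitioner would add. Python cannot promise that the transient `candidate` bytes object is gone after use, so a production version of the unlock path belongs in C with mlock() and an explicit zeroing call; the bytearray zeroing in panic() only covers the share itself. And overwriting a file in place only reaches the blocks the file currently occupies: on a journaling or copy-on-write filesystem, or on flash with wear levelling, older copies of the data can survive the wipe.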
The following archive was created by hippie-mail 7.98617-22 on Fri Aug 21 1998 - 17:20:36 ADT