Re: encrypted filesystems
- From: David Schwartz <davids@xxxxxxxxxxxxx>
- Date: Sun, 17 Aug 2008 15:20:50 -0700 (PDT)
On Aug 17, 2:16 pm, Måns Rullgård <m...@xxxxxxxxx> wrote:
This is precisely what encryption is supposed to prevent -- getting
back data that is different from what you gave it.
Encryption is for keeping data secret.
Right, and in this example, the encryption failed to keep the data
secret by failing to protect the integrity of an access control
mechanism.
Checksums are for verifying
data integrity. They can each be used alone or combined, and cases
can be imagined where any of the four possible combinations is
preferred.
Right, but there is a huge risk when you don't combine them. Failure
to ensure the integrity of access control information can result in
failure to keep other information secret. An encryption solution that
doesn't protect the integrity of data may wind up not keeping its
contents secret either.
Certainly it's a fair question whether or not the encryption is to
blame or not. I would argue that if it doesn't at least mention this
possible system vulnerability, then the encryption is at least
partially to blame.
DS
.
- Follow-Ups:
- Re: encrypted filesystems
- From: phil-news-nospam
- Re: encrypted filesystems
- References:
- encrypted filesystems
- From: Duane Evenson
- Re: encrypted filesystems
- From: David Schwartz
- Re: encrypted filesystems
- From: phil-news-nospam
- Re: encrypted filesystems
- From: David Schwartz
- Re: encrypted filesystems
- From: Måns Rullgård
- encrypted filesystems
- Prev by Date: Re: encrypted filesystems
- Next by Date: Re: encrypted filesystems
- Previous by thread: Re: encrypted filesystems
- Next by thread: Re: encrypted filesystems
- Index(es):
Relevant Pages
|
