Home   Groups   Digests   Personalise   Search   Login
  POV-Ray : Newsgroups : povray.off-topic : Paraniod : Re: Paraniod Server Time
7 Sep 2024 17:16:45 EDT (-0400)
  Re: Paraniod  
From: Jim Henderson
Date: 4 Jul 2008 06:09:33
Message: <486df6dd@news.povray.org>
 
On Fri, 04 Jul 2008 11:40:39 +0200, scott wrote:

> Just use Windows built-in encryption, that works off your login password
> doesn't it?  Even if the admin can remotely log in, they won't be able
> to read your encrypted files unless they somehow get your password.

If the built-in encryption keys off the login password only (ie, the 
login password just unlocks the encryption key), then as an admin, you 
just have to change the user's password.  If there is a weakness to 
encfs, that's what it is as well - the key is stored in an encrypted 
keystore that's locked with the password (so I understand).  But it's not 
the login password, so if you root my machine and change my login 
password, you're still not getting at the encrypted files.

Still, you could use something like truecrypt to get around that if it's 
that critical the data be unreadable without the key.

> Or just zip things up with a password.

That's a pain to use, though - used to do that back in the early 90's - I 
even wrote a wrapper program that took a randomization key and generated 
a 256-character pseudo-random pkzip password for that purpose.  Always 
had to purge deleted files from the system after working on the code a 
bit (old NetWare server, 2.15 and then 3.11).

If you don't securely wipe the unpacked files after you're done with 
them, then they can be recovered from the drive with relative ease.  And 
while you're using them, the files are exposed.

Jim


Post a reply to this message

Copyright 2003-2023 Persistence of Vision Raytracer Pty. Ltd.