 |
|
|
|
|
|
| |
| |
|
|
|
|
| |
| |
|
|
>> Yeah, sure, but the *key* has to be stored somewhere. ;-)
>
> Just use Windows built-in encryption, that works off your login password
> doesn't it?
Wouldn't that mean that every single time you change your login
password, all of your files instantly become unreadable?
What I suspect happens is that it's actually asymmetrically encrypted,
and the decryption key is encrypted with your login password. That means
if you change your login password, you gotta change one thing - the
encrypted decryption key - and all your stuff is still accessible.
> Even if the admin can remotely log in, they won't be able
> to read your encrypted files unless they somehow get your password.
Do you know what the "use reversible encryption" tickbox in AD does? >:-D
> Or just zip things up with a password.
Now *that* could actually work. Especially if you use that password for
nothing else. Now all the sysadmin needs to do is install a keylogger...
oh, wait... ;-)
Anything you can do, the sysadmin can undo. He controls the machine
you're using. You can't win. [Theoretically at least. In practice you
can make it too hard to be worth the bother.]
--
http://blog.orphi.me.uk/
http://www.zazzle.com/MathematicalOrchid*
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
On Fri, 04 Jul 2008 10:22:12 +0100, Invisible wrote:
> Jim Henderson wrote:
>
>> Well, it's not that difficult to understand - this is what happens when
>> technically incompetent people decide how to implement policy.
>
> What's technical? The sysadmin is, by definition, God. You can't stop
> God from doing things. QED. You don't need to know a thing about
> technology to comprehend this extremely simple principle.
You'd think so, but clearly the evidence suggests it's not that obvious -
otherwise they *would* have grasped it.
>> That said, there are ways, for example, to prevent a sysadmin from
>> seeing files in a filesystem. File-level encryption, for example - or
>> directory- level. With Linux, this is almost so simple as to be
>> trivial using encfs (of course with requisite Linux-foo skills).
>
> Yeah, sure, but the *key* has to be stored somewhere. ;-)
The key is in my head. If you can extract my password from my brain,
you'll have proven that you *are* God.
Jim
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
On Fri, 04 Jul 2008 11:40:39 +0200, scott wrote:
> Just use Windows built-in encryption, that works off your login password
> doesn't it? Even if the admin can remotely log in, they won't be able
> to read your encrypted files unless they somehow get your password.
If the built-in encryption keys off the login password only (ie, the
login password just unlocks the encryption key), then as an admin, you
just have to change the user's password. If there is a weakness to
encfs, that's what it is as well - the key is stored in an encrypted
keystore that's locked with the password (so I understand). But it's not
the login password, so if you root my machine and change my login
password, you're still not getting at the encrypted files.
Still, you could use something like truecrypt to get around that if it's
that critical the data be unreadable without the key.
> Or just zip things up with a password.
That's a pain to use, though - used to do that back in the early 90's - I
even wrote a wrapper program that took a randomization key and generated
a 256-character pseudo-random pkzip password for that purpose. Always
had to purge deleted files from the system after working on the code a
bit (old NetWare server, 2.15 and then 3.11).
If you don't securely wipe the unpacked files after you're done with
them, then they can be recovered from the drive with relative ease. And
while you're using them, the files are exposed.
Jim
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
> What I suspect happens is that it's actually asymmetrically encrypted, and
> the decryption key is encrypted with your login password. That means if
> you change your login password, you gotta change one thing - the encrypted
> decryption key - and all your stuff is still accessible.
Yeh that's probably more like it - I just know that if you forget your login
password you can never get back your encrypted data.
>> Even if the admin can remotely log in, they won't be able to read your
>> encrypted files unless they somehow get your password.
>
> Do you know what the "use reversible encryption" tickbox in AD does? >:-D
AD? I normally tick the box in "encrypt" box in the file properties window.
> Now *that* could actually work. Especially if you use that password for
> nothing else. Now all the sysadmin needs to do is install a keylogger...
> oh, wait... ;-)
You can outsmart a key logger by simply typing in part of your password,
then clicking the pointer to move the cursor, and typing in another bit,
click again etc. On my bank log-in I have to choose the numbers with the
mouse, exactly to avoid keyloggers working I guess. But I guess then the
admin can install a mouse and screen logger too ;-)
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
> Yeh that's probably more like it - I just know that if you forget your
> login password you can never get back your encrypted data.
Oh, you need only guess what the password is. ;-)
>> Do you know what the "use reversible encryption" tickbox in AD does? >:-D
>
> AD? I normally tick the box in "encrypt" box in the file properties window.
Active Directory. (The thing Windoze now uses to manage network user
accounts.)
There's a tickbox that allows legacy systems to interoperate with
Windoze. Legacy systems that require you to send the user's password in
the clear. What this option basically does is allow the sysadmin to know
what each user's password actually is. (Normally this isn't possible -
the server only stores a hash *of* the password, not the password itself.)
> You can outsmart a key logger by simply typing in part of your password,
> then clicking the pointer to move the cursor, and typing in another bit,
> click again etc. But I guess
> then the admin can install a mouse and screen logger too ;-)
...exactly.
And if that doesn't work, a kernel-level debugger can see every octet of
data in the machine's main RAM and swap file. There really is no escape.
--
http://blog.orphi.me.uk/
http://www.zazzle.com/MathematicalOrchid*
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
>> What's technical? The sysadmin is, by definition, God. You can't stop
>> God from doing things. QED. You don't need to know a thing about
>> technology to comprehend this extremely simple principle.
>
> You'd think so, but clearly the evidence suggests it's not that obvious -
> otherwise they *would* have grasped it.
*sigh* Human kind depresses me...
>> Yeah, sure, but the *key* has to be stored somewhere. ;-)
>
> The key is in my head. If you can extract my password from my brain,
> you'll have proven that you *are* God.
Pah. Humans are so predictable. You show me a strong password, I'll show
you a hidden paper note. ;-)
--
http://blog.orphi.me.uk/
http://www.zazzle.com/MathematicalOrchid*
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
On Fri, 04 Jul 2008 10:49:58 +0100, Invisible wrote:
> Anything you can do, the sysadmin can undo. He controls the machine
> you're using. You can't win. [Theoretically at least. In practice you
> can make it too hard to be worth the bother.]
That's the point of security measures - you raise the bar to the point
that the cost exceeds the value of the data. Basic security principle.
But my sysadmins don't have access to my machines. First, I've got two
laptops; I installed the OS and control the passwords. I also work from
home most of the time - 45 miles from the nearest sysadmin.
If I chose to encrypt files on my hard drive using encfs (as I use
openSUSE) - and indeed I have for some that are sensitive for the company
(but that they have copies of - source code, for example), they're not
getting the files from my machine. They *can* get them from the source
repository servers, though.
And from our earlier conversation where I blew it on data recovery from
wiped drives, I'd like to see them undo a secure wipe of the hard drives
in these laptops. Or the machines I traded in for the second laptop, for
that matter (pulled my data off them, wiped the drive so they could
install a fresh OS for the next user on it).
Jim
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
On Fri, 04 Jul 2008 11:24:28 +0100, Invisible wrote:
> a kernel-level debugger can see every octet of data in the machine's
> main RAM and swap file.
Hmmm, so you've reversed your opinion on whether or not a memory dump is
useful? ;-) <scnr>
Jim
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
On Fri, 04 Jul 2008 11:26:37 +0100, Invisible wrote:
>>> What's technical? The sysadmin is, by definition, God. You can't stop
>>> God from doing things. QED. You don't need to know a thing about
>>> technology to comprehend this extremely simple principle.
>>
>> You'd think so, but clearly the evidence suggests it's not that obvious
>> - otherwise they *would* have grasped it.
>
> *sigh* Human kind depresses me...
At times it does me as well. That's part of the curse of being smart;
it's easy to see how idiotic most of the populace is. Of course, we're
*all* idiots from time to time.
>>> Yeah, sure, but the *key* has to be stored somewhere. ;-)
>>
>> The key is in my head. If you can extract my password from my brain,
>> you'll have proven that you *are* God.
>
> Pah. Humans are so predictable. You show me a strong password, I'll show
> you a hidden paper note. ;-)
You won't find a hidden paper note on *my* desk. I do actually have a
background in security and systems administration, so I know not to do
that. Oh, and it's not on the bottom of my keyboard, either, so you can
forget looking there.
The paper? It doesn't exist for any of my passwords. I keep them *all*
in my head. I've got one password that I've been using for nearly 20
years (though not recently, now I think of it); > 20 characters long, and
even accidentally typed on the screen, it just looks like a random stream
of characters. Muscle memory is a wonderful thing.
Jim
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
>> a kernel-level debugger can see every octet of data in the machine's
>> main RAM and swap file.
>
> Hmmm, so you've reversed your opinion on whether or not a memory dump is
> useful? ;-) <scnr>
Useful for trying to grab somebody's credit card number? Absolutely!
Useful for trying to work out why some piece of software that you know
nothing about has crashed? Not really, no.
--
http://blog.orphi.me.uk/
http://www.zazzle.com/MathematicalOrchid*
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
|
|
