[NBLUG/talk] Crypt Filesystems

Lincoln Peters petersl at sonoma.edu
Tue Jul 25 22:41:44 PDT 2006


On Jul 25, 2006, at 3:08 PM, Jacob Appelbaum wrote:

> If you're really going to script the password, I've gotten around this
> by using expect in similar situations. However, it requires great care
> that the expect script is protected as are the keys used in the  
> process.

Here's what I do (at least, this is what I did until my ReiserFS  
filesystem failed):

Every partition on every drive is encrypted using dm-crypt (the  
successor to cryptoloop).  Swap filesystems use a random key (making  
recovery practically impossible), while other filesystems use a key  
that I store on a 3.5" floppy disk.  Without the keys, it should be  
impossible to determine ANYTHING about the drive or what's on it  
except for its partition table.  And if I have a security disaster  
(e.g. secret police breaking down my door to seize my computer), I  
can destroy the disk, making the contents of the hard disk  
irrecoverable.

A few ways I can think of to make this even more secure (but I  
haven't tried them yet):

* Use a 5.25" floppy for the key.  They fit in a paper shredder much  
more easily than a 3.5" floppy (making them easier to destroy in an  
emergency), but the disks (and the drives) are harder to find these  
days.  Of course, the rarity of 5.25" floppy drives could offer yet  
another (albeit small and most likely insignificant) layer of security.

* A CD might be another option, but I'd be inclined to make a  
"superkey" that fills up the entire CD, and then use a hashing  
function to shrink it down to a size allowed by AES.  I figure that  
if you had to break the CD to prevent unauthorized access, this would  
drastically reduce the chance that the key could be recovered by  
reassembling the shards (you never know what kind of tools the bad  
guys will have at their disposal!), since the data on the CD where  
the actual breaks are would theoretically be irrecoverable by ANY  
means.  However, you'd have to ensure that the hashing function you  
use doesn't follow any pattern where the total number of possible  
outputs is less than the total number of possible keys (I figure a  
simple XOR hash would fit this criterion, and it would run faster than  
just about anything else).

* Use a USB flash drive to store your keys.  This wouldn't  
necessarily add any security to your system, but you could keep the  
drive with you at all times, just in case the bad guys seize your  
computer while you're not around.  Just make sure that the flash  
drive can be destroyed at a moment's notice, if you think it may be  
necessary to do so.

* This won't foil a determined foe, but you could set up your desktop  
computer to boot off an NFS server, instead of using an internal hard  
disk.  Assuming you carefully hide the NFS server (you could probably  
hide a mini-ITX case easily enough), if the bad guys seize your  
computer, imagine the expressions on their faces when they discover  
that the computer has no hard drive!  (Note that you'll need a very  
fast network for this to work without a significant performance  
penalty--at least 1Gb/s, preferably even faster.)


You may also want to keep a spare disk with your keys, in case you do  
have to destroy the main disk but want to be able to access the data  
later.  If you do, make sure that the spare key is well-hidden, and  
don't tell anyone where it is.  Don't even offer hints!


--
Lincoln Peters
<petersl at sonoma.edu>

Whatever you may be sure of, be sure of this: that you are dreadfully  
like
other people.
                 -- James Russell Lowell, "My Study Windows"
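
The key derivation sketched in the CD bullet above, as an added example that is not part of the original post: it folds a large "superkey" down to an AES-256 key with the XOR fold the post suggests and, as a swapped-in alternative, with SHA-256, then reports which derived key bytes change when a region of the superkey is unreadable. The helper names, the 64 KiB constructed superkey and the damage model (every lost byte guessed wrong) are assumptions.

```python
import hashlib
import io

KEY_BYTES = 32        # AES-256 key size
CHUNK = 64 * 1024     # read size; a multiple of KEY_BYTES

def xor_fold(stream, key_bytes=KEY_BYTES):
    """XOR every key_bytes-sized block of the stream together (the post's idea)."""
    acc = bytearray(key_bytes)
    offset = 0
    for chunk in iter(lambda: stream.read(CHUNK), b""):
        for i, b in enumerate(chunk):
            acc[(offset + i) % key_bytes] ^= b
        offset += len(chunk)
    return bytes(acc)

def sha256_key(stream):
    """Stream the data through SHA-256; the 32-byte digest is the key."""
    h = hashlib.sha256()
    for chunk in iter(lambda: stream.read(CHUNK), b""):
        h.update(chunk)
    return h.digest()

def changed_positions(a, b):
    """Indices at which two derived keys differ."""
    return [i for i, (x, y) in enumerate(zip(a, b)) if x != y]

def make_superkey(blocks=2048):
    """Constructed 64 KiB stand-in for a CD full of random data (deterministic)."""
    return b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(blocks))

def wrong_guess(data, start, length):
    """Model an unreadable region: every byte in it is guessed wrong (bits flipped)."""
    bad = bytes(b ^ 0xFF for b in data[start:start + length])
    return data[:start] + bad + data[start + length:]

def compare(damage_len, start=1000):
    """Return (xor_changed, sha_changed) key positions for one damaged region."""
    good = make_superkey()
    bad = wrong_guess(good, start, damage_len)
    xor = changed_positions(xor_fold(io.BytesIO(good)), xor_fold(io.BytesIO(bad)))
    sha = changed_positions(sha256_key(io.BytesIO(good)), sha256_key(io.BytesIO(bad)))
    return xor, sha

if __name__ == "__main__":
    for n in (4, 32):
        xor, sha = compare(n)
        print(f"{n:2d} bytes lost: XOR-fold changes {len(xor)}/32 key bytes, SHA-256 {len(sha)}/32")
```

With the XOR fold, only the key positions covered by the lost region change, so the destroyed span has to cover all 32 positions before no derived key byte is left intact. With SHA-256, losing even a few bytes changes the digest across its whole length.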



