Hi Javier, Thank you for your reply. Given the hypothetical (but all too possible) situation you describe, there are different considerations.
> Now imagine the worst situation, that a friend wants to protect his data > from his corrupt dictatorial government Absolutely a possibility. There are many levels of secrecy -- filesystem encryption prevents the contents from being known, but does not hide the fact that there is a secret. The presence of a secret could be enough right there. The kind of government you describe doesn't need to find evidence in order to "disappear" a person. This also makes it all the more possible that, if his house is raided and encrypted files are found, someone might try to torture the information out of him. (Even if the partition is named something harmless-sounding, I can't imagine cops anywhere who wouldn't demand it be decrypted so they could check it, and refusal would not look good.) In any case, with EncFS we're talking about a technological solution in which the encryption key is stored alongside the encrypted media, so whatever the password concerns are, this is unsuitable for keeping information truly secret when a hostile person might have enough physical access to the drive. I think it is entirely too likely that a government like this either would be able to compromise the data (with or without recovering the passwords), or would be willing to punish him just for having encrypted data to begin with, if they know he has it. > Then my question is: is EncFS good enough to protect his data? > I think the SD with stored password is a good solution. While he is not > in the house, he can carry the SD or have it hidden somewhere. While he > is in the house, and police enter, he might have enough time to probably > destroy the SD and turn off the computer. With the level of danger involved here, I think the security issue is more that there be some rapid way to destroy any evidence of the existence of the data (possibly destroying the data itself), rather than making sure the password stays safe. Destroying the SD card is a start, but really a person under this kind of government would need to be able to say "No, there are no secrets," not "Here's a filesystem that you can't read." That was my point in the original email -- while there are some interesting technical problems here, I think in this case the digital security is less important than the social/personal security surrounding it. Or, rather, the digital security will not wind up being the weakest link in the chain. I wonder if in this situation it might be more appropriate to store the encrypted filesystem on an external pluggable device, like a USB key. If a person in this environment were not using many multimedia files, then storage needs might be very moderate, able to fit on some of the larger USB keys (8-16 GB) that can be had for around US $30. (I don't know what kind of budget a person in this situation might have). But by storing any incriminating files on an external medium, preferably a (physically) small one, and then encrypting that, a person could both hide the very existence of prohibited data, and also have a data store that can be more easily hidden or destroyed during a police raid. (Chuck it in the sewer or something if needs be). If the computer is seized or stolen while the person is away, oh well; there's nothing incriminating on the computer, not even any suspicious encrypted filesystems. That's if there is a reasonable reaction time before being taken into custody. I really don't know whether it'd be better to keep this on his person with a plan to ditch or destroy it, or to find a hiding place the police wouldn't check where it could be accessed without arousing suspicion. Good luck to any person who finds himself in such a situation. As to passwords, another method that works well is to take the initials of a memorable phrase, and then make a few predictable changes. For instance, you could take the phrase "working to enhance civil liberties by overthrowing kings and dictators" to create w2EcLx0K&D -- which has a decent 10-char length with some character distribution while remaining very memorable. I hope all this helps. > I think the SD with stored password is a good solution. While he is not > in the house, he can carry the SD or have it hidden somewhere. While he > is in the house, and police enter, he might have enough time to probably > destroy the SD and turn off the computer. > > What would you recommend in this imaginary case? On Sun, Feb 22, 2009 at 8:03 PM, Javier <javu...@gmail.com> wrote: > Jeff Soules escribió: >> As Ron said, the problem you're describing is a little bit different >> from the one the man page talks about. >> >>> The most intrusive attacks, where an attacker has complete control of >>> the user's machine (and can therefor modify EncFS, or FUSE, or the >>> kernel itself) are not guarded against. Do not assume that encrypted >>> files will protect your sensitive data if you enter your password into a >>> compromised computer. How you determine that the computer is safe to >>> use is beyond the scope of this documentation. >> >> Seems to me that the man page is talking about two situations: >> >> #1. Someone has rooted your box. In this case, your encryption can be >> bypassed, because unless your secret passphrase is actually an entire >> RSA key, the password is just a gatekeeper and everything needed to >> decrypt the fs is on the box. A (sufficiently clever) attacker with >> root (and enough time) could modify the EncFS program itself to bypass >> the password check and just decrypt your files. >> >> #2. Your box is keylogged, or (for some unknown reason) you put in >> your decryption password on a compromised/keylogged other box. This >> isn't strictly an offline attack, it could happen remotely if the >> password is compromised. I suppose you could get around this by >> automating the way your fs password is input (although if it's >> automated input over stdin, couldn't a properly designed keylogger >> still eavesdrop on it?), but that's kind of missing the point, which >> is if situation #2 happens, you will soon find yourself in situation >> #1. There, the real questions to ask are "how do I avoid getting a >> keylogger" and "how do I catch a user account compromise before the >> attacker can gain root." Taking steps in response to those questions >> will make you much more secure across the board. >> >> >> If you're simply worried about protecting your filesystem from offline >> attacks, i.e. someone has physical access to your computer without >> having rooted it or whatever, then (as always with security) it >> becomes a question of how good is good enough. How long can someone >> sit at your computer trying to log in before it locks out for half an >> hour? How long before you (or someone else) comes back to stop them? >> Having logged in, how long before they manage to decrypt the >> filesystem without using EncFS? Etc. We're starting to talk about a >> very dedicated attacker at this point, who must have a compelling >> motivation for attacking your box specifically; these aren't >> government secrets, right? At any rate, in this kind of situation, >> other security considerations and means of attack >> (http://xkcd.com/538/) start to come into play. In fact, the main >> scenarios I can imagine are either that you're trying to keep personal >> files secret from a prying but technically skilled family member, or >> that you're protecting a corporate environment from some kind of >> industrial espionage (although again, in the latter case I think >> you're more vulnerable to social engineering attacks than strictly >> technological ones). >> Though I would wonder if, in those scenarios, having the password >> automatically input from an SD card or something might actually >> decrease your security. If you're talking about offline attacks, >> that's someone with access to the computer's physical environment (and >> who may even have seen you put in the SD card while you mount >> encrypted FSs). A non-compromised, keyed-in password would actually >> provide more protection in that case than an SD card that's sitting on >> your desk somewhere and that any joe could plug in. >> >> >> After all that, if this problem still seems compelling to you, then I >> suppose the best situation would be for you to have an SD card or >> whatever, kept secure and separate from the box, that feeds the actual >> encryption key into the system, with that key not being stored locally >> at all. Ideally you would also have some kind of second password >> check required to get the program to actually use the RSA key, so you >> can depend on both something you have and something you know. I've no >> idea how to implement this technically; I don't see a facility in >> EncFS to do anything like this. Also, this setup makes your data >> brittle; if your SD card gets wet or zapped, your filesystem is gone. >> There's always compromises between security and convenience, and >> security and resilience of data. >> >> And, joy of joys, make sure you store your backups somewhere nice and >> secure. With your EncFS setup you probably want to store the backups >> of the encrypted filesystem away from all the others, so that someone >> getting ahold of them has to crack the actual encryption rather than >> just hunt around for the key. > > > Ok, thank you for your help. I've read it carefully. > > Now imagine the worst situation, that a friend wants to protect his data > from his corrupt dictatorial government, and he doesn't want to directly > make the question here, because he is afraid. > For email, there is PGP, I suppose it is good enough, right? > But he uses a computer for writing those emails, for writing papers > which may be compromised, he has some forbidden digital books like the > Universal Declaration of Human Rights (or whatever it is speelled in > english), etc. > Imagine that he is actually in the risk of having the police to enter > into his house and get his computer. > Then my question is: is EncFS good enough to protect his data? > I think the SD with stored password is a good solution. While he is not > in the house, he can carry the SD or have it hidden somewhere. While he > is in the house, and police enter, he might have enough time to probably > destroy the SD and turn off the computer. > > What would you recommend in this imaginary case? > > Also, I have seen that encfs support up to 2048 characters for the pass > phrase. Is it better to have a very large random pass, or it is > irrelevant at some point? > And which is better, Blowfish or AES? > > Thank you. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
