Re: RFC: backporting GEOM to the 4.x branch
Ed wrote:
> On Thursday 03 March 2005 00:05, Matthew Dillon wrote:
>
>> Personally speaking I have no problem making ultra encryption available
>> to the general public, but I do believe (personally speaking) that the
>> *default* should be something slightly less secure just so criminals
>> and terrorists (at least the stupid ones, which is most or they wouldn't
>> be criminals or terrorists), don't get an automatic boost from our work.
>
>
>
> "Terrorists use Linux."
>
That sort, as with anyone else with information to protect, do not rely
on any 'on box' system.
- If it is 'on box' the keys, passphrases - whatever - can be sniffed /
recorded when used.
- If encryption is not 'reversible' by the owner of the information, it
is useless.
- The most complex and 'unbreakable' of algorithms becomes pure overhead
when
IS-spoofing, purloining, intercepting, or 'rubber-hose' obtaining of the
keys is / easier / faster / cheaper.
Optional userland, user-unique 'per-file' encryption is useful, not
impregnable, but can
be at least as secure, perhaps more so, and requires nothing special of
the fs or os.
CD/DVD-R have made 'One Time Pad' generation, exchange, storage, and use
dead easy,
and OTP - properly used - still ranks very high in resistance to
cracking.
File systems should be robust, reliable, recoverable from common faults,
and fast.
In that order.
Anything complex embedded into the fs is a waste if a 'root' privilege
exists.
Were it otherwise, encrypted fs would have become the rule, not the
exception, long since.
Leave these things up to userland tools.
They wouldn't - and shouldn't - trust a 'system feature' anyway - not
even on their own single-user box.
Bill
討論串 (同標題文章)
完整討論串 (本文為第 34 之 39 篇):