This whole thing sounds like it could have been approached as usefully with an encrypting disk. That kind of thing can be somewhat safer than having data in the clear, but what it protects against is mainly the data if someone steals the disk, if you are a criminal enterprise and want not to have your data readable if you are raided, if you have a privileged user whom you distrust who might access the system when it is otherwise unused, or might access backups. Those are the main things encrypting on-disk data, where it is to be r/w accessed by normal users, is good for. It can be terribly costly in performance, and as long as the system is running and merrily decrypting data for anyone trying to read it, the encryption is USELESS apart from guarding you during the times after hours, or letting The Law pull the plug and thereby leaving the data all safe from prying eyes. For laptops, or cases where data is to be accessed by one person, on-disk encryption can be highly useful. The more people that need access, the less useful it is, because keys tend to have to be left in place and access is in effect controlled by the system ACLs and so on, and the encryption only wastes time and processor power (in huge chunks!). You can obscure key setup and make it harder for someone to steal the online keys in many ways. That might help against some adversaries. In general you cannot block access.

Sounds to me like the consultant here heard somewhere that encryption is good for access control, heard that PGP is a good encryption product, and came up with recommendations based on minimal understanding. Since there are commercial products I have seen that claim they are helping you by providing things like network-attached disks that automatically encrypt all contents on write/decrypt on read (so they get to act like regular disks, only slower and way more expensive), evidently this kind of misinformation is common.
Perhaps the managers in this company will be interested to hear that the security solution they are imposing is mainly useful in protecting them if they are worried about raids from the police. Such a tidbit might possibly shock them into thinking about what their threat model is.

Glenn Everhart

-----Original Message-----
From: Andrew MacKenzie [mailto:amackenzat_private]
Sent: Wednesday, January 08, 2003 2:23 PM
To: Chris Matthews
Cc: 'Frank Knobbe'; secprogat_private
Subject: Re: PGP scripting...

> I believe the original question involved more of a dynamic modification
> of data on the machine's harddrive. If this is the case, and automatic
> encryption/decryption would require the public/private keys.

Actually, modification of the data isn't necessarily a large concern, so much as an intruder viewing the data. I actually hadn't quite thought of an intruder modifying the data, though. But, since we are not only encrypting the data but signing it as well (I hadn't mentioned that), then perhaps we are covered for that?

> Which key is being used to encrypt the data? If the public key is being
> used (and bear with me; my pgp theory is foggy this morning :), then
> technically anyone that has that public key can corrupt your encrypted
> data. If the private key was used, then anyone with the public key can
> easily decrypt it. This means that both keys need to be kept "secret",
> or am I mistaken on this?

Encrypting with public key, signing with private.

> Perhaps you should propose to your client a reevaluation of what exactly
> you're trying to protect and then try to find an encryption solution
> that more closely matches your requirements.

This is the difficult part (imho). The client (like many) doesn't always know just what they want, just that they want things secure. From whom? Why? How? They're not sure. They have another security consultant who is supposedly determining these (and I don't get insight into this).
-- 
// Andrew MacKenzie | http://www.edespot.com
// perl -e 'print $i=pack(c5,(41*2),sqrt(7056),(unpack(c,H)-2),oct(115),10);'
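The key roles argued over in the quoted exchange (encrypt to the recipient's public key, sign with the sender's private key), as an added example that is not part of the original thread and not PGP code: a textbook-RSA toy with no padding, standard library only, keys generated at run time and a constructed sample record. It is an illustration of the point, not a usable cipher. It shows that holding the recipient's public key is enough for an intruder to produce a ciphertext that decrypts cleanly, which is exactly the "corrupt your encrypted data" worry in the quote, and that a signature under the sender's private key is what lets the recipient notice the substitution.

```python
"""Toy sign-and-encrypt to show which key does what.

Textbook RSA (no padding, no hybrid encryption) is used only so the example
runs with the standard library; it is NOT a secure construction.  Names,
the sample record and the two parties (Alice writes, Bob reads) are all
assumptions made for this illustration.
"""
import hashlib
import secrets


def is_probable_prime(n, rounds=20):
    """Miller-Rabin primality test (probabilistic)."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2          # witness in [2, n-2]
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_prime(bits):
    """Random odd prime with the top bit set, so p*q has the intended size."""
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand):
            return cand


def keygen(bits=512):
    """Return ((n, e), (n, d)): the public and private key of one party."""
    e = 65537
    while True:
        p, q = gen_prime(bits // 2), gen_prime(bits // 2)
        n, phi = p * q, (p - 1) * (q - 1)
        if p != q and phi % e != 0:               # e is prime, so this is gcd(e, phi) == 1
            break
    d = pow(e, -1, phi)                           # modular inverse, Python 3.8+
    return (n, e), (n, d)


def encrypt(pub, msg: bytes) -> int:
    """Anyone holding the PUBLIC key can do this: there is no secret involved."""
    n, e = pub
    m = int.from_bytes(msg, "big")
    if m >= n:
        raise ValueError("toy RSA: message must be shorter than the modulus")
    return pow(m, e, n)


def decrypt(priv, c: int) -> bytes:
    """Only the holder of the PRIVATE key can read the data (leading NULs are lost in this toy)."""
    n, d = priv
    m = pow(c, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


def sign(priv, msg: bytes) -> int:
    """Only the holder of the PRIVATE key can produce this value over msg."""
    n, d = priv
    h = int.from_bytes(hashlib.sha256(msg).digest(), "big")   # 256 bits < n
    return pow(h, d, n)


def verify(pub, msg: bytes, sig: int) -> bool:
    """Anyone holding the signer's PUBLIC key can check the signature."""
    n, e = pub
    h = int.from_bytes(hashlib.sha256(msg).digest(), "big")
    return pow(sig, e, n) == h


def demo():
    alice_pub, alice_priv = keygen()   # the system that writes the data
    bob_pub, bob_priv = keygen()       # the only party meant to read it

    record = b"salary:12345"           # constructed sample data
    c = encrypt(bob_pub, record)       # encrypted to Bob's public key
    sig = sign(alice_priv, record)     # signed with Alice's private key

    # An intruder who only has Bob's public key can still mint a ciphertext
    # and swap it in; decryption alone cannot tell it from the real one.
    forged = encrypt(bob_pub, b"salary:99999")
    swapped_plain = decrypt(bob_priv, forged)

    return {
        "genuine_decrypts": decrypt(bob_priv, c) == record,
        "genuine_verifies": verify(alice_pub, record, sig),
        "forgery_decrypts_cleanly": swapped_plain == b"salary:99999",
        "forgery_fails_signature": not verify(alice_pub, swapped_plain, sig),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The point to take from the last two results: "encrypt with the public key" gives confidentiality against everyone but the private-key holder, and nothing else; integrity and origin come only from the signature made with the writer's private key, checked after decryption. Real OpenPGP does the same division of labour with padded, hybrid encryption (for example `gpg --sign --encrypt -r <recipient>`), and the "both keys must be secret" worry in the quote goes away once encryption and signing are assigned to the right keys.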
This archive was generated by hypermail 2b30 : Wed Jan 08 2003 - 14:40:18 PST