RE: PGP scripting...
From: Glenn_Everhart@bankone.com
Date: 01/08/03
Date: Wed, 8 Jan 2003 14:39:30 -0500
From: <Glenn_Everhart@bankone.com>
To: <amackenz@edespot.com>, <chris@masc.ca>
This whole thing sounds like it could have been approached as usefully
with an encrypting disk. That kind of thing can be somewhat safer than
having data in the clear, but what it protects against is mainly the
data if someone steals the disk, if you are a criminal enterprise and
want not to have your data readable if you are raided, if you have
a privileged user who you distrust who might access the system when
it is unused otherwise, or might access backups.
Those are the main things encrypting on disk data, where it is to be
r/w accessed by normal users, are good for. It can be terribly costly
in performance and as long as the system is running and merrily
decrypting data for anyone trying to read it, the encryption is
USELESS apart from guarding you from the times after hours, or letting
The Law pull the plug and thereby leaving the data all safe from prying
eyes.
For laptops or cases where data is to be accessed by one person, on
disk encryption can be highly useful. The more people that need access,
the less useful it is, because keys tend to have to be left in place
and access is in effect controlled by the system ACLs and so on, and the
encryption only wastes time and processor power (in huge chunks!).
You can obscure key setup and make it harder for someone to steal the
online keys in many ways. That might help against some adversaries.
In general you cannot block access.
Sounds to me like the consultant here heard somewhere that encryption is
good for access control, heard that PGP is a good encryption product, and
came up with recommendations based on minimal understanding. Since there
are commercial products I have seen that claim they are helping you by
providing things like network attached disks that automatically encrypt
all contents on write/decrypt on read (so they get to act like regular
disks, only slower and way more expensive) evidently this kind of
misinformation is common.
Perhaps the managers in this company will be interested to hear that the
security solution they are imposing is mainly useful in protecting them if
they are worried about raids from the police. Such a tidbit might possibly
shock them into thinking about what their threat model is.
Glenn Everhart
-----Original Message-----
From: Andrew MacKenzie [mailto:amackenz@edespot.com]
Sent: Wednesday, January 08, 2003 2:23 PM
To: Chris Matthews
Cc: 'Frank Knobbe'; secprog@securityfocus.com
Subject: Re: PGP scripting...
> I believe the original question involved more of a dynamic modification
> of data on the machine's harddrive. If this is the case, and automatic
> encryption/decryption would require the public/private keys.
Actually, modification of the data isn't necessarily a large concern, so
much as an intruder viewing the data. I actually hadn't quite thought of
an intruder modifying the data though. But, since we are not only
encrypting the data, but signing it as well (I hadn't mentioned that) then
perhaps we are covered for that?
> Which key is being used to encrypt the data? If the public key is being
> used (and bear with me; my pgp theory is foggy this morning :), then
> technically anyone that has that public key can corrupt your encrypted
> data. If the private key was used, then anyone with the public key can
> easily decrypt it. This means that both keys need to be kept "secret",
> or am I mistaken on this?
Encrypting with public key, signing with private.
> Perhaps you should propose to your client a reevaluation of what exactly
> you're trying to protect and then try to find an encryption solution
> that more closely matches your requirements.
This is the difficult part (imho). The client (like many) doesn't always
know just what they want, just that they want things secure. From who?
Why? How? They're not sure. They have another security consultant who is
supposedly determining these (and I don't get insight into this).
--
// Andrew MacKenzie | http://www.edespot.com
// perl -e 'print $i=pack(c5,(41*2),sqrt(7056),(unpack(c,H)-2),oct(115),10);'
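The question raised in the quoted exchange (can someone holding only the public key replace the encrypted data, and does signing cover that?) worked through as an added example that is not part of either message. It uses toy textbook RSA with constructed keys rather than PGP itself, and the names `STORAGE`, `SIGNER` and `read_record` are hypothetical; it assumes the signing private key is not kept on the machine the intruder reaches.

```python
import hashlib

# Toy textbook RSA (no padding, small fixed primes), constructed for
# illustration only. Real PGP uses hybrid encryption and padded signatures.
E = 65537

def make_key(p, q):
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}

def encrypt(pub_n, data):
    return pow(int.from_bytes(data, "big"), E, pub_n)

def decrypt(key, c):
    m = pow(c, key["d"], key["n"])
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

def digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(key, data):
    return pow(digest(data, key["n"]), key["d"], key["n"])

def verify(pub_n, data, sig):
    return pow(sig, E, pub_n) == digest(data, pub_n)

def read_record(storage_key, signer_pub_n, record):
    """Decrypt, then accept the plaintext only if the signature verifies."""
    ciphertext, sig = record
    data = decrypt(storage_key, ciphertext)
    return data if verify(signer_pub_n, data, sig) else None

# Constructed keys: products of known Mersenne primes.
STORAGE = make_key(2**61 - 1, 2**89 - 1)    # private half decrypts the data
SIGNER = make_key(2**107 - 1, 2**127 - 1)   # assumption: NOT stored on the server

def demo():
    good = b"balance=100"
    record = (encrypt(STORAGE["n"], good), sign(SIGNER, good))
    # The intruder knows only public values: STORAGE["n"], SIGNER["n"] and E.
    forged_ct = encrypt(STORAGE["n"], b"balance=999999")
    return {
        "genuine": read_record(STORAGE, SIGNER["n"], record),
        # Encryption alone: the substituted ciphertext decrypts without error.
        "unsigned_forgery": decrypt(STORAGE, forged_ct),
        # With the signature check, reusing the old signature is rejected.
        "signed_forgery": read_record(STORAGE, SIGNER["n"], (forged_ct, record[1])),
    }

if __name__ == "__main__":
    print(demo())
```

If a script signs automatically with a private key left on the same host, an intruder on that host can sign the replacement as well, and the check above no longer distinguishes the two.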