[NBLUG/talk] Crypt Filesystems

[Jacob Appelbaum]

Walter Hansen wrote:
> Oh, my current software mounts the removable drive (actually it sets it up
> first) and then backs up to it using rsync and then unmounts. It does this
> at midnight. So at any point I have a yesterday backup on site and a week
> old backup at a remote location.

Why mount and unmount automatically? What does this get you?

> So my big problem is that loop-aes seems to want you to live enter a
> passphrase when it mounts a encrypted disk. I'd imagine I could pipe in
> the passphrase if the software won't allow it to be turned off. I'd then
> keep a couple CDs (send them home with the bosses) with the key and
> passphrase. So to put things back together I'd need one of the CDs and one
> of the backup disks.

If you're really going to script the password, I've gotten around this
by using expect in similar situations. However, it requires great care
that the expect script it protected as are the keys used in the process.

When I think about how you're planning to set all of this up, I'm
doubtful that it's worth all the effort unless you're very careful.

An attacker can defeat most of these attempts by doing a timing attack
(waiting until the encrypted disk is mounted) or by rooting the box
where the key is located and then taking the data even in an encrypted form.

I've been working on a key-escrow like system in my spare time that
might be of interest to you but it's not anywhere near release time.

Regards,
Jacob