[lug] securing files

D. Stimits stimits at idcomm.com
Mon Apr 22 16:32:03 MDT 2002


Peter Hutnick wrote:
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> On Monday 22 April 2002 04:03 pm, Hugh Brown wrote:
> > I have some files that were acquired under agreement that they be
> > completely confidential, only accessed by people on the project, and
> > never transported unless encrypted.
> >
> > Right now they are on an NFS share.  I'd like to make it so that the
> > files can't be copied anywhere but can still be read by the appropriate
> > people.
> 
> Well, if you let people read them you can't really stop them from copying
> them.  You may notice that there is no "copy" permission in UNIX.  Read ==
> copy.
> 
> That really is a loosing battle (as the record and movie companies can tell
> you).  You could do a custom reader, that renders the files as graphics that
> are designed to be hard to OCR, but you can't stop transcription of something
> that someone can read.

Not to mention screen shots and mouse copy/paste. Even encrypted files,
to be viewed must be decrypted, exposing it (an encrypted partition
can't be copied in a useful way without the key, but while it is
mounted, it is no longer encrypted to the end viewer...and is vulnerable
then).

So to extend the above notion of it being a losing battle, the only real
way is a secured machine that has no network access, and no floppy or
similar device should be easily used (perhaps a smartcard access to the
floppy for use only by trusted people, and logged?).

D. Stimits, stimits at idcomm.com

> 
> You /could/ use PGP file encryption and encrypt with the public keys of only
> the folks authorized to read them.  That won't stop them from decrypting them
> and emailing them to an unauthorized person.
> 
> - -Peter
>



More information about the LUG mailing list