Safe decryption with GnuPG?
Anders Breindahl
skrewz at skrewz.dk
Thu Feb 14 22:02:03 CET 2008
Hello,
On 200802131141, Krzysztof Żelechowski wrote:
> Dnia 12-02-2008, Wt o godzinie 11:59 +0100, Anders Breindahl pisze:
> > Use full-disk encryption, as has been stated before.
> Full disk encryption makes the system unnecessarily slow, especially
> if applied to swap space.
I'm not under that impression.
Besides, a (pessimistic) 5/2 latency rise/speed decrease of swap is not
much of a loss. If one wanted speed, one would generally have to avoid
swap, anyway, and the major slowdown with swap lies in the mechanics.
> I am seeking an intermediate solution for desktop computers where the
> amount of confidential data is small.
My solution may just be an attempt at doing that. See below.
> > As Robert stated, many of your other requirements are void, if your
> > adversary gains control of your machine.
>
> Admittedly the protection will never be perfect but I would like it to
> be as good as can be.
Right. But to that purpose, hiding from non-rootkit (?) cracks still
seem like a bad way of using your time. Leave the
assumption-that-the-administrator-doesn't-know-his-stuff work to
Microsoft, and let's assume that the user isn't compromised (or stupid).
> > > Can you direct me to some implementation meeting these
> > > requirements?
> >
> > I wrote a such script once, that satisfies much of (the serious
> > amongst) your requirements. Email me personally, if you're
> > interested.
>
> If you are so kind, or just the idea if you do not want it to be
> adapted and published.
It's not at all what you seem to want. But I've refactored a bit and
made it more serious. It's available at:
http://publish.skrewz.dk/encfilewrapper.sh
Regards, skrewz.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 827 bytes
Desc: Digital signature
URL: </pipermail/attachments/20080214/7c96da30/attachment.pgp>
More information about the Gnupg-users
mailing list