Security Basics mailing list archives
Re: Encrypting data on a cd
From: Bear Giles <bgiles () coyotesong com>
Date: Tue, 25 Mar 2003 14:37:25 -0700
KevinKevin Wharram wrote:
I need to encrypt confidential data on a CD. What would be the best way of doing it, i.e. which software?
You really need to be more specific about your environment, anticipated attackers, whether you need to be able to transparently mount the CD, etc. If your attackers are unsophisticated and you put a premium on transparent access by Windows users, use ZIP file encryption. It's not *bad* (unlike a lot of embedded encryption in commercial products), but I believe it can be easily cracked by a person armed with the right tools. Alternately, the most recent pkzip specifications suggest that true public key encryption is now supported in the most recent formats. PGP/GnuPG may soon have real competition. On the other extreme, you may be looking to distribute confidential material to servers that are never touched by end-users. Every morning some sysadmin removes the disc from a safe, puts it in a server, mounts it, then unmounts it and locks it up before going home for the evening.... In that case you would probably want to go with an encrypted image. This could use the encrypted loopback filesystem, or that NFS-based cryptographic filesystem, or possibly others. Once it's mounted with the correct decryption information, it should look like a regular disc. One final thing to keep in mind is that you aren't forced to stick with ISO9660 images, at least with Unix systems. (I don't know about Windows.) It's not even that hard to create the other formats - just create a large file with dd, mount it as a device via the loopback device, format it, mount it, copy your data, then unmount the image. You can then write that image to a disc and mount it as a read-only disc. Alternately you can treat any disc as a highly-seekable tape - simply writing a compressed tar file to a disc as a tape, not embedded within a file system, may be enough to stump most of your attackers. ------------------------------------------------------------------- SurfControl E-mail Filter puts the brakes on spam, viruses and malicious code. Safeguard your business critical communications. Download a free 30-day trial: http://www.surfcontrol.com/go/zsfsbl1
Current thread:
- Encrypting data on a cd Kevin Wharram (Mar 19)
- RE: Encrypting data on a cd Florian Hines (Mar 20)
- Re: Encrypting data on a cd Tim Greer (Mar 20)
- Re: Encrypting data on a cd Mel (Mar 20)
- RE: Encrypting data on a cd James Riden (Mar 20)
- RE : Encrypting data on a cd Marty (Mar 21)
- Re: RE : Encrypting data on a cd Konrad (Mar 24)
- Re: Encrypting data on a cd Bear Giles (Mar 26)
- <Possible follow-ups>
- Re: Encrypting data on a cd Chris Berry (Mar 20)
- RE: Encrypting data on a cd Jed Needle (Mar 20)
- Re: Encrypting data on a cd Joris De Donder (Mar 20)
- RE: Encrypting data on a cd Robinson, Sonja (Mar 20)
- RE: Encrypting data on a cd Bryan E. Glancey (Mar 26)