Security Basics mailing list archives
RE: Encrypting data on a cd
From: "Bryan E. Glancey" <bryan.glancey () epstechnology com>
Date: Wed, 26 Mar 2003 11:42:34 -0600
Give a quick call to PCguardian. They have a product that fits your exact requirements. Bryan Glancey bryan.glancey () epstechnology com CTO EPS Technology 999 Executive Parkway Drive St. Louis, MO 63141 USA http://www.epsione.com/ 314-205-2300 314-205-2303 fax -----Original Message----- From: Bear Giles [mailto:bgiles () coyotesong com] Sent: Tuesday, March 25, 2003 3:37 PM To: security-basics () securityfocus com Subject: Re: Encrypting data on a cd KevinKevin Wharram wrote:
I need to encrypt confidential data on a CD. What would be the best way of doing it, i.e. which software?
You really need to be more specific about your environment, anticipated attackers, whether you need to be able to transparently mount the CD, etc. If your attackers are unsophisticated and you put a premium on transparent access by Windows users, use ZIP file encryption. It's not *bad* (unlike a lot of embedded encryption in commercial products), but I believe it can be easily cracked by a person armed with the right tools. Alternately, the most recent pkzip specifications suggest that true public key encryption is now supported in the most recent formats. PGP/GnuPG may soon have real competition. On the other extreme, you may be looking to distribute confidential material to servers that are never touched by end-users. Every morning some sysadmin removes the disc from a safe, puts it in a server, mounts it, then unmounts it and locks it up before going home for the evening.... In that case you would probably want to go with an encrypted image. This could use the encrypted loopback filesystem, or that NFS-based cryptographic filesystem, or possibly others. Once it's mounted with the correct decryption information, it should look like a regular disc. One final thing to keep in mind is that you aren't forced to stick with ISO9660 images, at least with Unix systems. (I don't know about Windows.) It's not even that hard to create the other formats - just create a large file with dd, mount it as a device via the loopback device, format it, mount it, copy your data, then unmount the image. You can then write that image to a disc and mount it as a read-only disc. Alternately you can treat any disc as a highly-seekable tape - simply writing a compressed tar file to a disc as a tape, not embedded within a file system, may be enough to stump most of your attackers. ------------------------------------------------------------------- SurfControl E-mail Filter puts the brakes on spam, viruses and malicious code. Safeguard your business critical communications. Download a free 30-day trial: http://www.surfcontrol.com/go/zsfsbl1 ------------------------------------------------------------------- SurfControl E-mail Filter puts the brakes on spam, viruses and malicious code. Safeguard your business critical communications. Download a free 30-day trial: http://www.surfcontrol.com/go/zsfsbl1
Current thread:
- Re: Encrypting data on a cd, (continued)
- Re: Encrypting data on a cd Tim Greer (Mar 20)
- Re: Encrypting data on a cd Mel (Mar 20)
- RE: Encrypting data on a cd James Riden (Mar 20)
- RE : Encrypting data on a cd Marty (Mar 21)
- Re: RE : Encrypting data on a cd Konrad (Mar 24)
- Re: Encrypting data on a cd Bear Giles (Mar 26)
- Re: Encrypting data on a cd Chris Berry (Mar 20)
- RE: Encrypting data on a cd Jed Needle (Mar 20)
- Re: Encrypting data on a cd Joris De Donder (Mar 20)
- RE: Encrypting data on a cd Robinson, Sonja (Mar 20)
- RE: Encrypting data on a cd Bryan E. Glancey (Mar 26)