Security Basics mailing list archives

Re: Encrypting data on a cd


From: Bear Giles <bgiles () coyotesong com>
Date: Tue, 25 Mar 2003 14:37:25 -0700

Kevin Wharram wrote:
> I need to encrypt confidential data on a CD.
> What would be the best way of doing it, i.e. which software?

You really need to be more specific about your environment,
anticipated attackers, whether you need to be able to
transparently mount the CD, etc.

If your attackers are unsophisticated and you put a premium on
transparent access by Windows users, use ZIP file encryption. It's
not *bad* (unlike a lot of embedded encryption in commercial
products), but I believe it can be easily cracked by a person
armed with the right tools.

Alternately, the most recent pkzip specifications suggest that
true public key encryption is now supported in the most recent
formats. PGP/GnuPG may soon have real competition.

On the other extreme, you may be looking to distribute
confidential material to servers that are never touched by
end-users. Every morning some sysadmin removes the disc from a
safe, puts it in a server, mounts it, then unmounts it and locks
it up before going home for the evening....

In that case you would probably want to go with an encrypted
image. This could use the encrypted loopback filesystem, or that
NFS-based cryptographic filesystem, or possibly others. Once it's
mounted with the correct decryption information, it should look
like a regular disc.

One final thing to keep in mind is that you aren't forced to stick
with ISO9660 images, at least with Unix systems. (I don't know
about Windows.) It's not even that hard to create the other
formats - just create a large file with dd, mount it as a device
via the loopback device, format it, mount it, copy your data, then
unmount the image. You can then write that image to a disc and
mount it as a read-only disc. Alternately you can treat any disc
as a highly-seekable tape - simply writing a compressed tar file
to a disc as a tape, not embedded within a file system, may be
enough to stump most of your attackers.
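
The image-building steps from the last paragraph (dd, format, loop-mount, copy, unmount), written out as a shell script. This is an added example, not part of the original message. The function names, the ext2 choice and the script name are assumptions, and the image it builds is a plain, unencrypted filesystem.

```shell
#!/bin/sh
# Added illustration; function names, paths and sizes are assumptions.
PATH="$PATH:/sbin:/usr/sbin"   # mke2fs often lives outside a user's PATH

# Step 1: create a large file with dd (size given in MiB).
create_blank_image() {
    dd if=/dev/zero of="$1" bs=1048576 count="$2" 2>/dev/null
}

# Step 2: format the file. -F lets mke2fs work on a regular file,
# so no root is needed up to this point.
format_image() {
    mke2fs -q -F -t ext2 "$1"
}

# Steps 3-5: loop-mount the image, copy the data in, unmount. Needs root.
populate_image() {
    img=$1
    src=$2
    mnt=$(mktemp -d) || return 1
    mount -o loop "$img" "$mnt" || { rmdir "$mnt"; return 1; }
    cp -a "$src"/. "$mnt"/
    rc=$?
    umount "$mnt" && rmdir "$mnt"
    return "$rc"
}

# Print the two ext2 superblock magic bytes (file offset 1080) as hex,
# a quick check that the image holds a filesystem before it is written out.
ext2_magic() {
    od -An -tx1 -j1080 -N2 "$1" | tr -d ' \n'
}

# Stand-alone use (as root): sh mkdisc.sh <source-dir> <image> <size-MiB>
if [ "$#" -eq 3 ]; then
    create_blank_image "$2" "$3" && format_image "$2" &&
        populate_image "$2" "$1" &&
        echo "image ready: $2 (magic $(ext2_magic "$2"))"
fi
```

A formatted ext2 image reports the magic bytes `53ef`.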


