Proposal: Personal Data Encryption (maybe SoC?)

Henryk Plötz henryk at openmoko.org
Wed Mar 21 22:41:12 CET 2007


Moin,

Am Wed, 21 Mar 2007 14:54:36 -0600 schrieb Joe Pfeiffer:

> >b) mmap.
> 
> I haven't come across many applications that use mmap for file i/o

"Not many" is more than "none" and therefore the approach is useless,
IMHO. The right[tm] approach (namely something kernel-assisted like
ecryptfs/encfs) has been mentioned in the first post in this thread and
encryption basically is a solved problem. 

There is however one rather big unsolved problem that has been ignored
in this subthread: "Authentication", as Tim Newsom put it, gains us
nothing, the really interesting question is where to get the key from.
Key input on a mobile phone in a usable way is problematic.

> >So encryptfs sounds way more useful for that usage.
> 
> But it has the "encryption jail" drawback.

Which isn't a drawback for many, but rather an advantage. Anyways, if
the key input problem is solved in a satisfactorial manner then any
possible adverse effect of encrypting everything should be minimal.
Plus: If you really want per-file encryption that would only need some
minimal modifications to the existing solutions. Or use unionfs.

A different solution has been mentioned already: If all PIM data is
kept in a central database anyways, then encryption can be done there.
E.g. three levels: "No encryption", "Item-level encryption in PIM
database", "Full filesystem encryption".

-- 
Henryk Plötz
Grüße aus Berlin
~ Help Microsoft fight software piracy: Give Linux to a friend today! ~




More information about the community mailing list