On Thu, 22 Feb 2001, Sampo Syreeni wrote:

> On Tue, 20 Feb 2001, Ray Dillinger wrote:
>
> > We need editors that don't put cleartext on the disk when you hit the "save" command.
>
> Why not simply use encrypted hard drives? Make the driver forget key material in a fixed period of keyboard inactivity? This would be a helluva lot easier than making secure versions of every existing application out there...
The problem with an encrypted drive is that the applications that are able to write it have got to do key management, and all of those existing applications were written with the assumption that they didn't have to do key management. There are various workarounds, but that's what they are - workarounds. If your application can read and write an encrypted drive without specifically providing the keys, then a trojan on your system can read and write an encrypted drive without specifically providing the keys. These workarounds can only work by "hiding" key management from the application, and thus from the user - which means key management gets done badly if at all. Good crypto can't be tacked on - it has to be designed in.

Another problem with an encrypted drive is that an encrypted drive is infrastructure that someone is likely to not have in place when they first discover a real need to encrypt.

Don't get me wrong -- I believe in encrypted drives. They provide a "mix" so you can't tell which bit was written by what application, and that's a valuable service. But there are limits to what they can do or should be relied on to do. Applications that write to (and more importantly, which read from) the encrypted drive should themselves be crypto-aware and do proper key management.

Bear