home | list info | list archive | date index | thread index

[OCLUG-Tech] Re: encryption and security



Can I ask Stephen G and others to volunteer so we can have an OCLUG panel on encryption and security? Could make a lively meeting and bring in outsiders.

I make no claims in this area. My background is number crunching and statistics, but I did teach risk management for many years. I'll still be happy to argue that

1) ccrypt offers a cross-platform solution that is usable by a much wider variety of folk than GnuPG, which (to deliberately pour gasoline on a debate fire) I will claim is geeky enough to scare folks away. Truthfully, it has to be easier for all of these tools. ccrypt is not easy enough either, but I find it much friendlier than GnuPG. And, of course, I don't want to install anything.

2) The memory clearing issue is sufficiently important that I would like to see it addressed, even if it is difficult. In the script I proposed, my solution -- proposed in order to get reaction, by the way -- was as follows: - create a tmpfs in RAM on a machine with no swap (apologies: I forgot to mention that I run my machines with large RAM and no swap partition). - run encfs on this so material in the decrypted area is somewhat protected. (The ccat or ccrypt -c options are better for just viewing, but maybe there are other applications for the tmp disk idea.)
   - close the encfs
   - scrub the "disk" which is RAM
   - release the RAM by unmounting the tmpfs "disk"

Let's see if we can build a meeting program from something along these lines.

As an aside, I've found fusermount seems to fail more than it works. Will have to look into that.

Cheers, JN