BLU Discuss list archive
[Discuss] NAS Folder Encryption
- Subject: [Discuss] NAS Folder Encryption
- From: richb at pioneer.ci.net (Rich Braun)
- Date: Fri, 24 Apr 2015 11:33:37 -0700
- In-reply-to: <mailman.9.1429891207.23556.discuss@blu.org>
- References: <mailman.9.1429891207.23556.discuss@blu.org>
aldo_albanese <aldo_albanese at yahoo.com> clarified:
> The system is connected thru the Internet so it can be accessed
> everywhere of course with a password. I use it at home ...

OK so let's expand on this use-case a bit. First, a little history from where I sit in California. In 2009, a guy named David Riley got pulled over for an expired registration. Cops made a warrantless search of his mobile phone against his wishes, and the case since then has made it all the way to the U.S. Supreme Court. Authorities in California repeatedly ruled against privacy rights for personal computing devices (mobile in this case, potentially home-based servers as well).

Read more about the US Supreme Court's reversal of this 9 months ago at:
http://www.nytimes.com/2014/06/26/us/supreme-court-cellphones-search-privacy.html

Developers at Apple were paying attention, and shoved a middle-finger in the FBI's face when they created a hardened solution for this use-case. If you pry an iPhone open, extract its flash memory chip, and attempt to decrypt it: you will fail. (I think Android can also resist this type of police intrusion.) Unlike the Android, though, with an iPhone you can rest assured that even if extra effort is made to keep the device powered up as you extract flash memory contents, you'll also find the data encrypted.

Apple created an ingenious mechanism for tying its folder-locking method to its screensaver: when screensaver is activated, the decryption keys are wiped. FBI authorities have expressed concern that this is too hard to break, but so far Apple's put consumer privacy first. It's not perfect, a lot of your data isn't protected, but the design is sound (a short discussion of its vulnerabilities: http://www.zdziarski.com/blog/?p=2149).

Here's what I want for my home server, which like Aldo's is accessible via the Internet: I want all sensitive files (e.g., tax forms, business records, personal correspondence) kept encrypted AT ALL TIMES except when I'm actually looking at them. If I could activate/deactivate the LUKS encryption keys via the screen-lock utility (on a desktop/laptop separate from the server), that'd solve a lot of this problem without having to constantly retype a password (indeed, having to type a password introduces key-logger vulnerabilities that I want to avoid).

An Internet intrusion is far likelier than a home burglary, so until this capability comes along, my files are vulnerable (even with LUKS encryption) as long as the volumes are mounted.

-rich