D. Stimits stimits at idcomm.com
Mon Apr 22 16:32:03 MDT 2002

Peter Hutnick wrote:
> On Monday 22 April 2002 04:03 pm, Hugh Brown wrote:
> > I have some files that were acquired under agreement that they be
> > completely confidential, only accessed by people on the project, and
> > never transported unless encrypted.
> >
> > Right now they are on an NFS share.  I'd like to make it so that the
> > files can't be copied anywhere but can still be read by the appropriate
> > people.
> Well, if you let people read them you can't really stop them from copying
> them.  You may notice that there is no "copy" permission in UNIX.  Read ==
> copy.
> That really is a losing battle (as the record and movie companies can tell
> you).  You could do a custom reader, that renders the files as graphics that
> are designed to be hard to OCR, but you can't stop transcription of something
> that someone can read.

Not to mention screen shots and mouse copy/paste. Even encrypted files,
to be viewed, must be decrypted, exposing them (an encrypted partition
can't be copied in a useful way without the key, but while it is
mounted, it is no longer encrypted to the end viewer...and is vulnerable

So to extend the above notion of it being a losing battle, the only real
way is a secured machine that has no network access, and no floppy or
similar device should be easily used (perhaps a smartcard access to the
floppy for use only by trusted people, and logged?).

D. Stimits, stimits at idcomm.com

> You /could/ use PGP file encryption and encrypt with the public keys of only
> the folks authorized to read them.  That won't stop them from decrypting them
> and emailing them to an unauthorized person.
> -Peter

