Andreas Olsson wrote:
> Well, assuming it works, that solution will theoretically give the sysadmin in
> question access to all your data. In the space between where your ssh-session
> ends and your encfs begins, all your data, as well as your encfs-password,
> will exist in the server's memory.

Thanks for your reply. My intention was that encfs was wrapped inside
the ssh session and would have disappeared before the ssh session
ended, but I admit I am out of my depth here. And I note that 'man
encfs' says "The most intrusive attacks, where an attacker has complete
control of the user’s machine (and can therefore modify EncFS, or FUSE,
or the kernel itself) are not guarded against. Do not assume that
encrypted files will protect your sensitive data if you enter your
password into a compromised computer."
Dominic