Keeping private data private WAS: Shifty Shell Prompts

Ben Scott dragonhawk at gmail.com
Thu Apr 16 20:33:27 EDT 2009


On Thu, Apr 16, 2009 at 7:51 PM, Joshua Judson Rosen
<rozzin at geekspace.com> wrote:
>       Nobody in the secrets-business bothers *cracking
>       encryption*--they just break into your house and install
>       bugs.

  I can speak with some experience here.

  When working with computers processing classified national security
information, encryption of data within trusted computing systems is
not something that I've seen much evidence of.  Encryption is used to
protect transport over untrusted mediums (e.g., communications lines),
but once it gets to the trusted computer it's all in the clear.

  The security put in place around trusted systems, however, is quite
intense.  Lock the hard disk inside a safe inside a locked room inside
a locked building on a guarded complex with multiple levels of
surveillance and intrusion-detection systems.  The really sensitive
stuff gets 24/7 armed guards.

  The host doesn't communicate with the Internet or other untrusted
networks.  At all.  Ever.  Often it's an "air gap firewall".  If an
untrusted network is used to support an encrypted tunnel, special
equipment is used, separate from the host, to make sure the host only
talks over the crypto tunnel.  Mixed levels of security on a single
system is quite rare, and typically not allowed on any OS you or I
have ever used.

  Everyone who works with this stuff is investigated before being
cleared.  Be prepared to document every aspect of your life for the
past ten years.  Where you lived, where you worked, where you went to
school, who you knew.  Get it right, because if they find
discrepancies they'll grill you over them.

  Remember the armed guards?  It gets better.  The really, really
sensitive stuff is only opened with at least two people present ("two
person integrity").  The really, really, *REALLY* sensitive stuff is
guarded by two people at all times, and the people don't know who
they'll be working with until their assignment starts ("two
person control").

  Notice the focus in the above?  None of it is technological
sophistication; it's all about the human/physical element.

  But don't worry.  I'm sure PGP will save the world.

  (Just to be fair: Crypto is useful, and has lots of applications.
It's just not a cure-all, and can't help with most of the big security
weaknesses one sees in the real world.)

-- Ben



More information about the gnhlug-discuss mailing list