1 |
> I've been chewing on this idea for a while and am hoping someone on |
2 |
> the |
3 |
list may help me with a concern. |
4 |
> |
5 |
> The notion is that big company B will distribute CDs to employees to |
6 |
> use |
7 |
for remotely accessing things like mail, corporate Intranet, |
8 |
> etc. The |
9 |
disk contains two bootable images. One is "normal" and |
10 |
> is the first to |
11 |
load. The second squashed image is encrypted in a |
12 |
> manner that the first |
13 |
image can decrypt. |
14 |
> |
15 |
> The first image loads, connects to Corp B and authenticates the |
16 |
> user. |
17 |
At that point the key to decrypt the second image is provided |
18 |
> and the |
19 |
computer chroots to the second image. This environment is |
20 |
> considered |
21 |
trusted and access is provided into Corp B. |
22 |
|
23 |
Because the CD provided to all the users is encrypted with the same key, and |
24 |
that this key is not session based, replay attacks are possible. |
25 |
|
26 |
> |
27 |
> This seems fairly straightforward but then why isn't anyone doing |
28 |
> this |
29 |
already? What haven't I considered? |
30 |
> |
31 |
> It's easy to use the word encryption but is much harder to make it |
32 |
> work. |
33 |
Any recommendations on projects I should look at that may be |
34 |
> suitable |
35 |
for this purpose? |
36 |
> |
37 |
> thanks, |
38 |
> Jeff |
39 |
> |
40 |
> ________________________________ |
41 |
> |
42 |
> Jeff Gercken <mailto:jeffg@×××××.com> |
43 |
> |
44 |
> 502-292-4838 office |
45 |
> |
46 |
> 502-292-5238 fax |
47 |
> |
48 |
> <http://www.kizan.com/> www.kizan.com <http://www.kizan.com/> |
49 |
|
50 |
|
51 |
|
52 |
|
53 |
-- |
54 |
gentoo-security@g.o mailing list |