Gentoo Logo
Gentoo Spaceship




Note: Due to technical difficulties, the Archives are currently not up to date. GMANE provides an alternative service for most mailing lists.
c.f. bug 424647
List Archive: gentoo-security
Navigation:
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Headers:
To: gentoo-security@g.o
From: "Alexandre Dubois" <alex@...>
Subject: Re: Boot CD for secure remote access
Date: Mon, 28 Nov 2005 14:52:20 +0000
> I've been chewing on this idea for a while and am hoping someone on 
> the
 list may help me with a concern.
>  
> The notion is that big company B will distribute CDs to employees to 
> use
 for remotely accessing things like mail, corporate Intranet,
>  etc.  The
 disk contains two bootable images.  One is "normal" and 
> is the first to
 load.  The second squashed image is encrypted in a 
> manner that the first
 image can decrypt.
>  
> The first image loads, connects to Corp B and authenticates the 
> user.
 At that point the key to decrypt the second image is provided 
> and the
 computer chroots to the second image.  This environment is 
> considered
 trusted and access is provided into Corp B.

Because the CD provided to all the users is encrypted with the same key, and 
that this key is not session based, replay attacks are possible.

>  
> This seems fairly straightforward but then why isn't anyone doing 
> this
 already?  What haven't I considered?  
>  
> It's easy to use the word encryption but is much harder to make it 
> work.
 Any recommendations on projects I should look at that may be 
> suitable
 for this purpose?
>  
> thanks,
> Jeff
>  
> ________________________________
> 
> Jeff Gercken <mailto:jeffg@...> 
> 
> 502-292-4838 office
> 
> 502-292-5238 fax
> 
> <http://www.kizan.com/> www.kizan.com <http://www.kizan.com/> 




-- 
gentoo-security@g.o mailing list


References:
Boot CD for secure remote access
-- Jeff Gercken
Navigation:
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Previous by thread:
Re: Boot CD for secure remote access
Next by thread:
How to make iptables log to a separate log file?
Previous by date:
Re: How to make iptables log to a separate log file?
Next by date:
Re: How to make iptables log to a separate log file?


Updated Jun 17, 2009

Summary: Archive of the gentoo-security mailing list.

Donate to support our development efforts.

Copyright 2001-2013 Gentoo Foundation, Inc. Questions, Comments? Contact us.