| 1 |
> I've been chewing on this idea for a while and am hoping someone on |
| 2 |
> the |
| 3 |
list may help me with a concern. |
| 4 |
> |
| 5 |
> The notion is that big company B will distribute CDs to employees to |
| 6 |
> use |
| 7 |
for remotely accessing things like mail, corporate Intranet, |
| 8 |
> etc. The |
| 9 |
disk contains two bootable images. One is "normal" and |
| 10 |
> is the first to |
| 11 |
load. The second squashed image is encrypted in a |
| 12 |
> manner that the first |
| 13 |
image can decrypt. |
| 14 |
> |
| 15 |
> The first image loads, connects to Corp B and authenticates the |
| 16 |
> user. |
| 17 |
At that point the key to decrypt the second image is provided |
| 18 |
> and the |
| 19 |
computer chroots to the second image. This environment is |
| 20 |
> considered |
| 21 |
trusted and access is provided into Corp B. |
| 22 |
|
| 23 |
Because the CD provided to all the users is encrypted with the same key, and |
| 24 |
that this key is not session based, replay attacks are possible. |
| 25 |
|
| 26 |
> |
| 27 |
> This seems fairly straightforward but then why isn't anyone doing |
| 28 |
> this |
| 29 |
already? What haven't I considered? |
| 30 |
> |
| 31 |
> It's easy to use the word encryption but is much harder to make it |
| 32 |
> work. |
| 33 |
Any recommendations on projects I should look at that may be |
| 34 |
> suitable |
| 35 |
for this purpose? |
| 36 |
> |
| 37 |
> thanks, |
| 38 |
> Jeff |
| 39 |
> |
| 40 |
> ________________________________ |
| 41 |
> |
| 42 |
> Jeff Gercken <mailto:jeffg@×××××.com> |
| 43 |
> |
| 44 |
> 502-292-4838 office |
| 45 |
> |
| 46 |
> 502-292-5238 fax |
| 47 |
> |
| 48 |
> <http://www.kizan.com/> www.kizan.com <http://www.kizan.com/> |
| 49 |
|
| 50 |
|
| 51 |
|
| 52 |
|
| 53 |
-- |
| 54 |
gentoo-security@g.o mailing list |
Archives