Gentoo Archives: gentoo-security

From: Alexandre Dubois <alex@×××××××.com>
To: gentoo-security@l.g.o
Cc: JeffG@×××××.com
Subject: Re: [gentoo-security] Boot CD for secure remote access
Date: Mon, 28 Nov 2005 14:57:52
In Reply to: [gentoo-security] Boot CD for secure remote access by Jeff Gercken
> I've been chewing on this idea for a while and am hoping someone on > the
list may help me with a concern.
> > The notion is that big company B will distribute CDs to employees to > use
for remotely accessing things like mail, corporate Intranet,
> etc. The
disk contains two bootable images. One is "normal" and
> is the first to
load. The second squashed image is encrypted in a
> manner that the first
image can decrypt.
> > The first image loads, connects to Corp B and authenticates the > user.
At that point the key to decrypt the second image is provided
> and the
computer chroots to the second image. This environment is
> considered
trusted and access is provided into Corp B. Because the CD provided to all the users is encrypted with the same key, and that this key is not session based, replay attacks are possible.
> > This seems fairly straightforward but then why isn't anyone doing > this
already? What haven't I considered?
> > It's easy to use the word encryption but is much harder to make it > work.
Any recommendations on projects I should look at that may be
> suitable
for this purpose?
> > thanks, > Jeff > > ________________________________ > > Jeff Gercken <mailto:jeffg@×××××.com> > > 502-292-4838 office > > 502-292-5238 fax > > <> <>
-- gentoo-security@g.o mailing list