Hello, On 200802131141, Krzysztof Żelechowski wrote: > Dnia 12-02-2008, Wt o godzinie 11:59 +0100, Anders Breindahl pisze: > > Use full-disk encryption, as has been stated before. > Full disk encryption makes the system unnecessarily slow, especially > if applied to swap space.
I'm not under that impression. Besides, a (pessimistic) 5/2 latency rise/speed decrease of swap is not much of a loss. If one wanted speed, one would generally have to avoid swap, anyway, and the major slowdown with swap lies in the mechanics. > I am seeking an intermediate solution for desktop computers where the > amount of confidential data is small. My solution may just be an attempt at doing that. See below. > > As Robert stated, many of your other requirements are void, if your > > adversary gains control of your machine. > > Admittedly the protection will never be perfect but I would like it to > be as good as can be. Right. But to that purpose, hiding from non-rootkit (?) cracks still seem like a bad way of using your time. Leave the assumption-that-the-administrator-doesn't-know-his-stuff work to Microsoft, and let's assume that the user isn't compromised (or stupid). > > > Can you direct me to some implementation meeting these > > > requirements? > > > > I wrote a such script once, that satisfies much of (the serious > > amongst) your requirements. Email me personally, if you're > > interested. > > If you are so kind, or just the idea if you do not want it to be > adapted and published. It's not at all what you seem to want. But I've refactored a bit and made it more serious. It's available at: http://publish.skrewz.dk/encfilewrapper.sh Regards, skrewz.
signature.asc
Description: Digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users