On Thu, Nov 02, 2006 at 12:12:32PM +0000, Stuart Henderson wrote:
> On 2006/11/02 11:53, Joachim Schipper wrote:
> > OpenBSD does offer encrypted filesystems - well, technically,
> > svnd(4) is an encrypting block device, but that's close enough.
>
> this isn't quite the same thing, the encrypted filesystem relevant
> to SMB file-serving is where individual files are (DES-)crypted by the
> server with public-key crypto to encrypt the DES key which is then
> stored with the file (the private key is stored as part of the
> user's login profile). As such this is something that would have to
> be implemented by Samba, not the OS. It's not something that's
> entirely useful - guess what - the file is sent over the wire
> in the clear. duh.
Hmm, I was not aware of this particular 'encryption' scheme. Is there
any point to it, then? Breaking DES should be quite possible, anyway.
And if you want to cryptographically protect files from unauthenticated
access or somesuch, one could use Kerberos or the like. In fact, this is
what Samba and friends use.
Joachim
