jep
response 13 of 18:
Dec 20 03:13 UTC 2010
re resp:11: Dan, it's not that bad a suggestion. It's not practical but
that is not completely obvious.

Richard, encryption of all of a person's data means it would be fully
inaccessible to anyone who didn't know that person's password. If
someone forgot his password, he couldn't get his data and neither could
anyone else. Say you tie it to his login password, and he then changed
his login password. He'd have to keep track of his original password
for all of the data he wanted to access, plus the new password. Or he'd
have to decrypt and re-encrypt all of his original data.

If he forgets any of his passwords, the data encrypted with it can
*never* be read, by anyone, short of extremely unreasonable efforts.

So what data are we talking about? The .plan information which is
optionally created, and optionally made public when you first log in?
What's the point in creating that at all if it's encrypted? Every file
which he saves? In his home directory, or in system directories too?
Conference data which is temporary? Responses and items? Does the user
enter a password *every* time he wants to view or change *any* data file?

E-mail? Outbound mail which is encrypted is un-readable. Inbound mail?
*Which* inbound e-mail? That which enters the system? Except for the
headers, which are necessary to deliver it? That which is stored in the
person's mailbox? You'd have to rewrite the mail system for that? Mail
stored in the user's home directory? You'd also have to rewrite *all*
of the mail clients for that.

Keep in mind you're doing all of this in order to satisfy someone who
doesn't trust the roots. No one else can read most of this data anyway.

re resp:12: No, veek, even root cannot read what your login password is
on a Unix system, let alone any encryption key you come up with on the
fly. A system admin can see the saved encrypted string in the
/etc/security file, but seeing that is quite a lot different from
knowing the unencrypted string.
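Added example, not part of the response above and not code from the system under discussion: a sketch of the scheme the response describes, where each file's key is derived directly from the login password, showing that a password change leaves old files unreadable until every one is decrypted and re-encrypted. All function names and sample files are hypothetical, and the HMAC-based keystream is a standard-library stand-in for a real authenticated cipher, used here only so the block runs offline.

```python
import hashlib, hmac, os

def derive(password: str, salt: bytes) -> tuple[bytes, bytes]:
    # The key comes straight from the login password: lose the password, lose the key.
    k = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000, dklen=64)
    return k[:32], k[32:]  # (encryption key, MAC key)

def keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # Stand-in cipher (HMAC-SHA256 in counter mode), illustration only.
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(8, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def xor(data: bytes, stream: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, stream))

def encrypt(password: str, plaintext: bytes) -> bytes:
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = derive(password, salt)
    ct = xor(plaintext, keystream(enc_key, nonce, len(plaintext)))
    tag = hmac.new(mac_key, salt + nonce + ct, hashlib.sha256).digest()
    return salt + nonce + ct + tag

def decrypt(password: str, blob: bytes) -> bytes:
    salt, nonce, ct, tag = blob[:16], blob[16:32], blob[32:-32], blob[-32:]
    enc_key, mac_key = derive(password, salt)
    expected = hmac.new(mac_key, salt + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong password or corrupted data")
    return xor(ct, keystream(enc_key, nonce, len(ct)))

def can_read(password: str, blob: bytes) -> bool:
    try:
        decrypt(password, blob)
        return True
    except ValueError:
        return False

def change_password(files: dict, old: str, new: str) -> dict:
    # Cost of a password change: every stored file is decrypted and re-encrypted.
    # If `old` has been forgotten, this raises and the data stays unreadable.
    return {name: encrypt(new, decrypt(old, blob)) for name, blob in files.items()}
```
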