Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!milano.sw.mcc.com!uudell!sequoia!rpp386!jfh
From: jfh@rpp386.cactus.org (John F Haugh II)
Newsgroups: comp.unix.internals
Subject: Re: Unix security additions
Message-ID: <19225@rpp386.cactus.org>
Date: 18 Apr 91 14:00:34 GMT
References: <1991Mar22.024124.3238@ec <1092@mwtech.UUCP> <19208@rpp386.cactus.org> <6783@awdprime.UUCP>
Reply-To: jfh@rpp386.cactus.org (John F Haugh II)
Organization: Lone Star Cat Emporium and BBQ Grill
Lines: 45
X-Clever-Slogan: Help Prevent Robbery. Tax the IRS.

In article <6783@awdprime.UUCP> Tony Sanders writes:
>What if the backup/restore utilities on the "secure" system used an
>encryption scheme before writing to tape (like dump|crypt|dd of=/dev/mt,
>assuming each dump will fit on a single tape). Then tapes written
>on the "secure" system could only be read back by the corresponding
>restore utility on that system. You must of course secure the
>new backup/restore utilities from them but that's just SOP.

This is a very common scam for secure backups and secure (trusted)
software distribution. The data is encrypted on the tape. If it comes
off correctly, you have the data that was put on there. You can then
check the data for validity by seeing if the checksums on the files
match the cryptographic checksums you were supplied with. If everything
matches, odds are, you have the right tape and the right stuff on the
tape.

This is all a gross oversimplification and much handwaving is required
to finish it off.

>Restoring the information on an insecure system would be useless,
>you have to have the password to use it.

Correct.

>I am not an IBM representative, I speak only for myself.

This actually has been discussed at IBM and other secure UNIX vendors.
Perhaps you should contact the Security department for more details if
you are still interested.

>I have a wonderful proof that emacs is better than vi,
> unfortunately this .sig is too small to contain it.

ObReligiousWar: Both editors are fully programmable. It is possible
to write "vi" in "emacs" and "emacs" in "vi". Therefore neither is
better than the other, and the winner is the one with the smallest
executable size. Therefore "vi" wins.

It is, of course, predictable that a proof of vi's superiority would
be smaller than a proof of emacs's ;-)
-- 
John F. Haugh II        | Distribution to      | UUCP: ...!cs.utexas.edu!rpp386!jfh
Ma Bell: (512) 832-8832 | GEnie PROHIBITED :-) | Domain: jfh@rpp386.cactus.org
"If liberals interpreted the 2nd Amendment the same way they interpret the
 rest of the Constitution, gun ownership would be mandatory."
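
The checksum comparison described in the post above, as an added example that is not part of the original article or any vendor's code. It assumes SHA-256 as the cryptographic checksum (the post names none) and a manifest delivered separately from the tape; all function names and the sample tree are constructed for illustration.

```python
import hashlib
import hmac
import os
import tempfile

def file_digest(path, chunk=1 << 16):
    """SHA-256 of one file, read in chunks so large files need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def build_manifest(root):
    """Map each file path (relative to root) to its digest; run before the dump."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            manifest[os.path.relpath(full, root)] = file_digest(full)
    return manifest

def verify_restore(root, manifest):
    """Compare a restored tree against the separately supplied manifest."""
    found = build_manifest(root)
    missing = sorted(set(manifest) - set(found))
    unexpected = sorted(set(found) - set(manifest))
    modified = sorted(rel for rel in set(manifest) & set(found)
                      if not hmac.compare_digest(found[rel], manifest[rel]))
    return {"modified": modified, "missing": missing, "unexpected": unexpected}

def demo():
    """Constructed sample tree: alter one file, drop one, add one, then verify."""
    files = {("etc", "passwd"): b"root:x:0:0\n", ("etc", "group"): b"wheel:x:0\n",
             ("motd",): b"welcome\n"}
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "etc"))
        for parts, data in files.items():
            with open(os.path.join(root, *parts), "wb") as f:
                f.write(data)
        manifest = build_manifest(root)          # taken on the trusted system
        with open(os.path.join(root, "etc", "passwd"), "ab") as f:
            f.write(b"extra:x:0:0\n")            # content changed after the dump
        os.remove(os.path.join(root, "etc", "group"))
        with open(os.path.join(root, "unlisted.txt"), "wb") as f:
            f.write(b"not in manifest\n")
        return verify_restore(root, manifest)

if __name__ == "__main__":
    print(demo())
```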