author | Jason A. Donenfeld <Jason@zx2c4.com> | 2016-02-23 17:32:03 +0100 |
---|---|---|
committer | Jason A. Donenfeld <Jason@zx2c4.com> | 2016-02-23 17:32:47 +0100 |
commit | 1d17b757cf988cb33c4701e1c43c4f8818aed761 (patch) | |
tree | 75855962d6762d43b840d28676a6795719d43112 | |
parent | Smart mode for no arguments (diff) | |
Add section about security considerations
-rw-r--r-- | README.md | 6 |
1 files changed, 6 insertions, 0 deletions
@@ -56,3 +56,9 @@ Or, use the package from your distribution: ### Bug reports Report any bugs to <jason@zx2c4.com>. + +### Security Considerations + +This runs as root and auto-`sudo`s itself to achieve that. As such, you shouldn't run this on paths you don't trust that could be controlled by malicious users. + +Since `ctmg` uses `cryptseup` and the LUKS infrastructure, it uses the Linux block device encryption APIs. The state of the art in block device encryption, as of writing, is [XTS mode](http://csrc.nist.gov/publications/nistpubs/800-38E/nist-sp-800-38E.pdf), which is what `ctmg` uses. But do note that this does not guarantee, entirely, the integrity of data, just the secrecy. As such, if a malicious user is able to modify the encrypted content, it is possible this could result in differing decrypted content without you noticing. So, `ctmg` is useful for keeping things secret, but not for guaranteeing the authenticity of the data. If your laptop gets stolen, sleep safely knowing that your `ctmg`-secured data is safe, but if an attacker is actively modifying the `.ct` file while you're using it in one way or another, you've got trouble. |
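Review bot: `cryptseup` in the second added paragraph ("Since `ctmg` uses `cryptseup` and the LUKS infrastructure") is a typo for `cryptsetup`. In the same paragraph, "does not guarantee, entirely, the integrity of data" hedges what the following sentences state plainly: XTS gives confidentiality only and has no authentication of the ciphertext, so "entirely" can be dropped. The first added paragraph's "paths you don't trust that could be controlled by malicious users" would be easier to act on if it named which paths are meant (the `.ct` container, the mount point, or both), since the text shown here does not say which arguments the root process operates on.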