Re: Linux disk partition encryption

To: debian-user@lists.debian.org
Subject: Re: Linux disk partition encryption
From: Celejar <celejar@gmail.com>
Date: Wed, 26 Jan 2011 16:56:46 -0500
Message-id: <[🔎] 20110126165646.1be97ecc.celejar@gmail.com>
In-reply-to: <[🔎] AANLkTinoFcWvLvy1yn4JdxTJvuYNhVOp4zysy6n74Yc-@mail.gmail.com>
References: <[🔎] ihobsl$pt9$1@dough.gmane.org> <[🔎] 20110126092929.adc7f6c8.celejar@gmail.com> <[🔎] AANLkTikyHiEaTunK3qEFzG=eGVinNBuGxNBWp1r8_e5L@mail.gmail.com> <[🔎] 20110126160149.39fd71f2.celejar@gmail.com> <[🔎] AANLkTinoFcWvLvy1yn4JdxTJvuYNhVOp4zysy6n74Yc-@mail.gmail.com>

On Wed, 26 Jan 2011 16:21:41 -0500
Brad Alexander <storm16@gmail.com> wrote:

> Because if your laptop gets stolen, the odds are that they will not
> get the USB drive. Thus, it is another layer of security. Plus, if
> they have /boot, they will be prompted for the passphrase, which means
> they can brute force it. If /boot is missing, then all they get is a
> grub message saying "Grub error 11".
> 
> I admit that most people stealing a laptop are more interested in the
> hardware than the data, and that unless you are running a custom
> kernel, it wouldn't be rocket science to generate a new /boot, but
> again, it is another layer and would probably dissuade the script
> kiddy.

What I meant was just that it's trivial to write a /boot, so there's no
real security gain.

> --b
> 
> On Wed, Jan 26, 2011 at 4:01 PM, Celejar <celejar@gmail.com> wrote:
> > [Please don't cc me on replies.]
> >
> > On Wed, 26 Jan 2011 15:48:15 -0500
> > Brad Alexander <storm16@gmail.com> wrote:
> >
> > ...
> >
> >> Linux admins used LUKS, and as a further step, I put /boot (the only
> >> partition that cannot be encrypted) on a USB stick, so that if anyone
> >> got the laptop, they had no access to the data.
> >
> > Why does putting /boot on a USB stick gain you anything?
> >
> > Celejar
> > --
> > foffl.sourceforge.net - Feeds OFFLine, an offline RSS/Atom aggregator
> > mailmin.sourceforge.net - remote access via secure (OpenPGP) email
> > ssuds.sourceforge.net - A Simple Sudoku Solver and Generator
> >
> >
> 
> 
> -- 
> To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org 
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
> Archive: [🔎] AANLkTinoFcWvLvy1yn4JdxTJvuYNhVOp4zysy6n74Yc-@mail.gmail.com">http://lists.debian.org/[🔎] AANLkTinoFcWvLvy1yn4JdxTJvuYNhVOp4zysy6n74Yc-@mail.gmail.com


Celejar
-- 
foffl.sourceforge.net - Feeds OFFLine, an offline RSS/Atom aggregator
mailmin.sourceforge.net - remote access via secure (OpenPGP) email
ssuds.sourceforge.net - A Simple Sudoku Solver and Generator

Reply to:

References:
- Linux disk partition encryption
  - From: T o n g <mlist4suntong@yahoo.com>
- Re: Linux disk partition encryption
  - From: Celejar <celejar@gmail.com>
- Re: Linux disk partition encryption
  - From: Brad Alexander <storm16@gmail.com>
- Re: Linux disk partition encryption
  - From: Celejar <celejar@gmail.com>
- Re: Linux disk partition encryption
  - From: Brad Alexander <storm16@gmail.com>

Prev by Date: Re: Why are my emails not making it to the list?
Next by Date: Re: Why are my emails not making it to the list?
Previous by thread: Re: Linux disk partition encryption
Next by thread: Re: Linux disk partition encryption
Index(es):
- Date
- Thread