Re: Linux disk partition encryption
On Wed, 26 Jan 2011 16:21:41 -0500
Brad Alexander <storm16@gmail.com> wrote:
> Because if your laptop gets stolen, the odds are that they will not
> get the USB drive. Thus, it is another layer of security. Plus, if
> they have /boot, they will be prompted for the passphrase, which means
> they can brute force it. If /boot is missing, then all they get is a
> grub message saying "Grub error 11".
>
> I admit that most people stealing a laptop are more interested in the
> hardware than the data, and that unless you are running a custom
> kernel, it wouldn't be rocket science to generate a new /boot, but
> again, it is another layer and would probably dissuade the script
> kiddy.
What I meant was just that it's trivial to write a /boot, so there's no
real security gain.
> --b
>
> On Wed, Jan 26, 2011 at 4:01 PM, Celejar <celejar@gmail.com> wrote:
> > [Please don't cc me on replies.]
> >
> > On Wed, 26 Jan 2011 15:48:15 -0500
> > Brad Alexander <storm16@gmail.com> wrote:
> >
> > ...
> >
> >> Linux admins used LUKS, and as a further step, I put /boot (the only
> >> partition that cannot be encrypted) on a USB stick, so that if anyone
> >> got the laptop, they had no access to the data.
> >
> > Why does putting /boot on a USB stick gain you anything?
> >
> > Celejar
> > --
> > foffl.sourceforge.net - Feeds OFFLine, an offline RSS/Atom aggregator
> > mailmin.sourceforge.net - remote access via secure (OpenPGP) email
> > ssuds.sourceforge.net - A Simple Sudoku Solver and Generator
> >
> >
>
>
> --
> To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
> Archive: [🔎] AANLkTinoFcWvLvy1yn4JdxTJvuYNhVOp4zysy6n74Yc-@mail.gmail.com">http://lists.debian.org/[🔎] AANLkTinoFcWvLvy1yn4JdxTJvuYNhVOp4zysy6n74Yc-@mail.gmail.com
Celejar
--
foffl.sourceforge.net - Feeds OFFLine, an offline RSS/Atom aggregator
mailmin.sourceforge.net - remote access via secure (OpenPGP) email
ssuds.sourceforge.net - A Simple Sudoku Solver and Generator
Reply to: