Re: Key management using a USB key
On Tuesday 08 March 2005 10:46, David Härdeman <david@2gen.com> wrote:
> o Especially on laptops, it might be interesting to also encrypt all of
> /home and/or other parts of the hard drive to make the data unusable
> without the USB key. But how to integrate this with the other
> requirements?

It seems that this part of your message hasn't been addressed.

The best thing to do regarding encryption (IMHO) is to have an encrypted root
file system. Boot from a USB device and have an initrd use dm-crypt to
decrypt the root file system. A password is not adequate on its own
(anything you can remember can be brute-forced). Get a key from /dev/random
and maybe have a password as well.

The root file system can contain keys for /home and other file systems.

--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
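
The key handling described in the reply above (a random key from /dev/random kept on the USB device, optionally combined with a password), as an added example that is not part of the original message or the author's code. The function names, the PBKDF2 construction and its round count are assumptions chosen for illustration.

```python
import hashlib
import os
import tempfile

KEY_BYTES = 32            # 256-bit random key kept on the USB device
PBKDF2_ROUNDS = 200_000   # assumed work factor; tune for the boot hardware


def create_usb_key(path, source="/dev/random"):
    """Write KEY_BYTES from the kernel RNG to a new owner-only file."""
    with open(source, "rb", buffering=0) as rng:
        key = rng.read(KEY_BYTES)
    if len(key) != KEY_BYTES:
        raise RuntimeError("short read from " + source)
    # O_EXCL refuses to overwrite an existing key; mode 0600 from creation.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as out:
        out.write(key)
    return key


def derive_volume_key(usb_key, password=None):
    """Return the 32-byte key that would be handed to dm-crypt.

    With no password the USB key is used directly. With a password, PBKDF2
    stretches it using the USB key as salt, so the result depends on both:
    the disk alone leaves a 256-bit unknown, and a stolen USB key still
    leaves the password to be guessed at PBKDF2_ROUNDS per attempt.
    """
    if len(usb_key) != KEY_BYTES:
        raise ValueError("unexpected USB key length")
    if not password:
        return usb_key
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                               usb_key, PBKDF2_ROUNDS, dklen=KEY_BYTES)


if __name__ == "__main__":
    # Constructed demo: a temporary directory stands in for the USB mount.
    with tempfile.TemporaryDirectory() as usb_mount:
        key = create_usb_key(os.path.join(usb_mount, "root.key"))
        volume_key = derive_volume_key(key, "example passphrase")
        print("volume key bytes:", len(volume_key))
```

In an initrd the derived bytes would be passed to dm-crypt, for example through cryptsetup's --key-file option.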