Re: Key management using a USB key

To: debian-devel@lists.debian.org
Cc: David Härdeman <david@2gen.com>
Subject: Re: Key management using a USB key
From: Russell Coker <russell@coker.com.au>
Date: Wed, 20 Apr 2005 21:47:51 +1000
Message-id: <[🔎] 200504202147.54069.russell@coker.com.au>
Reply-to: russell@coker.com.au
In-reply-to: <20050307234645.GA8450@hardeman.nu>
References: <20050307234645.GA8450@hardeman.nu>

On Tuesday 08 March 2005 10:46, David Härdeman <david@2gen.com> wrote:
> o Especially on laptops, it might be interesting to also encrypt all of
>   /home and/or other parts of the harddrive to make the data unusuable
>   without the USB key. But how to integrate this with the other
>   requirements?

It seems that this part of your message hasn't been addressed.

The best thing to do regarding encryption (IMHO) is to have an encrypted root 
file system.  Boot from a USB device and have an initrd use dm-crypt to 
decrypt the root file system.  A password is not adequate on it's own 
(anything you can remember can be brute-forced).  Get a key from /dev/random 
and maybe have a password as well.

The root file system can contain keys for /home and other file systems.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page

Reply to:

Prev by Date: Re: Temporal Release Strategy
Next by Date: Re: Temporal Release Strategy
Previous by thread: Re: traduction de la description des paquets
Next by thread: advice needed on handling network port conflicts
Index(es):
- Date
- Thread