Re: Key management using a USB key
On Tuesday 08 March 2005 10:46, David Härdeman <email@example.com> wrote:
> o Especially on laptops, it might be interesting to also encrypt all of
> /home and/or other parts of the harddrive to make the data unusable
> without the USB key. But how to integrate this with the other
It seems that this part of your message hasn't been addressed.
The best thing to do regarding encryption (IMHO) is to have an encrypted root
file system. Boot from a USB device and have an initrd use dm-crypt to
decrypt the root file system. A password is not adequate on its own
(anything you can remember can be brute-forced). Get a key from /dev/random
and maybe have a password as well.
The root file system can contain keys for /home and other file systems.
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
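
Added example, not part of the original message: one way to combine key material read from /dev/random (kept on the USB device) with a password, so that guessing the password is useless without the USB device. The function names, the PBKDF2 round count and the HMAC construction are assumptions made for this sketch; the 32-byte result is what an initrd script would hand to dm-crypt as the volume key.

```python
import hashlib
import hmac

KEY_BYTES = 32            # 256 bits of key material for the dm-crypt mapping
SALT_BYTES = 16
PBKDF2_ROUNDS = 200_000   # assumed work factor; tune for the boot hardware


def read_exact(stream, n):
    """Read exactly n bytes; a random device may return short reads."""
    buf = b""
    while len(buf) < n:
        chunk = stream.read(n - len(buf))
        if not chunk:
            raise OSError("random source returned no data")
        buf += chunk
    return buf


def new_usb_secret(rng_path="/dev/random"):
    """Generate the random key and a salt that are stored on the USB device."""
    with open(rng_path, "rb", buffering=0) as rng:
        return read_exact(rng, KEY_BYTES), read_exact(rng, SALT_BYTES)


def volume_key(usb_key, salt, passphrase):
    """Derive the volume key from both factors.

    The passphrase is stretched with PBKDF2, then mixed with the random
    USB key using HMAC-SHA256. Without usb_key an attacker has no way to
    test password guesses; without the passphrase a stolen USB device
    alone does not yield the key.
    """
    if len(usb_key) != KEY_BYTES:
        raise ValueError("USB key must be %d bytes" % KEY_BYTES)
    stretched = hashlib.pbkdf2_hmac(
        "sha256", passphrase.encode("utf-8"), salt, PBKDF2_ROUNDS, dklen=KEY_BYTES
    )
    return hmac.new(usb_key, stretched, hashlib.sha256).digest()


if __name__ == "__main__":
    # Constructed sample values: a fresh random key and a made-up passphrase.
    usb_key, salt = new_usb_secret()
    key = volume_key(usb_key, salt, "constructed example passphrase")
    print("derived %d-byte volume key" % len(key))
```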