[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Key management using a USB key

On Tuesday 08 March 2005 10:46, David Härdeman <david@2gen.com> wrote:
> o Especially on laptops, it might be interesting to also encrypt all of
>   /home and/or other parts of the harddrive to make the data unusuable
>   without the USB key. But how to integrate this with the other
>   requirements?

It seems that this part of your message hasn't been addressed.

The best thing to do regarding encryption (IMHO) is to have an encrypted root 
file system.  Boot from a USB device and have an initrd use dm-crypt to 
decrypt the root file system.  A password is not adequate on it's own 
(anything you can remember can be brute-forced).  Get a key from /dev/random 
and maybe have a password as well.

The root file system can contain keys for /home and other file systems.

http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page

Reply to: