[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[Freedombox-discuss] freedombox & blackhats

[this should have gone to the whole list but i messed it up]

2011/3/1 Matt Willsher <matt at monki.org.uk>:
> On 28 February 2011 23:54, Florian Hofmann <florian at fhaust.de> wrote:
>> My first thought on that title was that it is as easy to install a plug
>> server as it is to snatch and make a run with it...
>> As pointed out before data security is the prime objective in this case. And
>> imho this means full disc encryption and stuff... which in return brings the
>> inconvenience of unlocking the discs at boot.
> Given the devices are cheap, maybe repudiation is an option? If the
> plug goes missing the user has a way of invalidating that plug so it
> can be used to access their data on it or its backups.
> As a key for decryption of the disks a usb pen is an obvious choice
> but then that's also a physical form so not ideal - if someone swipes
> the plug perhaps they will also get the users usb drive.

I don't believe attachable media is the key here. Even if you'd only
had to plug a usb stick in at boot it would be inconvenient. On the
default encryption mode is ecryptfs which is unlocked at the moment
you log into the machine. Maybe it would be possible to integrate a
similar solution into the authentication of private services. Eg you
try to get your mails over IMAP but the related folders are encrypted.
The system takes your Imap credentials and uses them to unlock the
ecryptfs encrypted folders. Once unlocked they would stay this way
until the next reboot.

Another approach would be a webbased unlock screen where you'd have to
type in your encryption password once after boot. But i guess this
would encourage people to set an empty password cause most of us are
lazy aren't we? ;)


Reply to: