Re: root fs/crypted

To: <paul@ulink.net>
Cc: Curt Howland <curt@blue-edge-tech.com>, <debian-security@lists.debian.org>
Subject: Re: root fs/crypted
From: Zak Kipling <zk201@srcf.ucam.org>
Date: Wed, 30 May 2001 08:41:07 +0100 (BST)
Message-id: <Pine.LNX.4.33.0105300834020.898-100000@zk201.girton.cam.ac.uk>
In-reply-to: <3B148CD4.CA79A115@ulink.net>

On Tue, 29 May 2001 paul@ulink.net wrote:

> I see it as more than this. I see it as ensuring that the data on the disk does
> not get accessed by anyone never intended to see it. (physically, of course).
> I guess this would mostly be cool for thwarting things like police raids,

Although in some countries (eg Britain) you can be required by law to
disclose the decryption keys, and imprisoned if you fail to do so. The
only way around this is to use a steganographic approach where, in the
absence of the passphrase for a given set of data, it is impossible even
to prove its existence.

(I have in the past used StegFS, although it didn't seem stable enough for
critical use, and it doesn't work on 2.4 kernels yet. However, it seemed a
very promising concept.)

> servers vulnerable in remote locations (e.g. colocation, etc). My opinion is,
> with privacy, you can never have too much.

Very true, although a *false* sense of privacy can of course be worse than
none at all -- so it is important that any such system is implemented with
a lot of forethought.

Just my 2p worth...

Zak.

Reply to:

Follow-Ups:
- Re: root fs/crypted
  - From: Hubert Chan <hubert@math.ualberta.ca>

References:
- Re: root fs/crypted
  - From: paul@ulink.net

Prev by Date: Re: root fs/crypted
Next by Date: Re: root fs/crypted
Previous by thread: Re: root fs/crypted
Next by thread: Re: root fs/crypted
Index(es):
- Date
- Thread