[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

RE: root fs/crypted

there is already a HowTo on how to create an encrypted
loop-back "file system". it doesn't encrypt the whole
disk, but it could certainly hold anything worth having

don't get me wrong, i fully understand the reasons behind
putting the entire system behind a good pass-phrase. with
the way *nix's put configuration files, data files, manuals,
binaries, etc in so many different places, the only way to
be absolutely sure would be to encrypt everything.

but that only works at startup. if the system is running,
having the entire disk encrypted is no different than the
fact it's all in hex already. an individual user based
encryption means all you have to do is logout, not power
down, to kill the "decryption" process and thwart snooping.

so how about a start-up passphrase protecting everything
owned by root, then another for each individual user? but
that would cancel root's ability to read everything....



-----Original Message-----
From: Paul Lowe [mailto:paul@ulink.net]
Sent: Wednesday, May 30, 2001 12:03
To: clemens; debian-security@lists.debian.org
Subject: Re: root fs/crypted

I like this. Would it be difficult to modify Debian, so that
upon install, it creates an encrypted root volume and starts
things off the right way?

Reply to: