
Re: root fs/crypted



I see it as more than this. I see it as ensuring that the data on the disk does
not get accessed by anyone never intended to see it (physically, of course).
I guess this would mostly be cool for thwarting things like police raids,
servers vulnerable in remote locations (e.g. colocation, etc). My opinion is,
with privacy, you can never have too much.


Thanks,

Paul
paul@ulink.net
The price of freedom is eternal vigilance.


Curt Howland wrote:

> there is already a HowTo on how to create an encrypted
> loop-back "file system". it doesn't encrypt the whole
> disk, but it could certainly hold anything worth having
> encrypted.
>
> don't get me wrong, i fully understand the reasons behind
> putting the entire system behind a good pass-phrase. with
> the way *nix's put configuration files, data files, manuals,
> binaries, etc in so many different places, the only way to
> be absolutely sure would be to encrypt everything.
>
> but that only works at startup. if the system is running,
> having the entire disk encrypted is no different than the
> fact it's all in hex already. an individual user based
> encryption means all you have to do is logout, not power
> down, to kill the "decryption" process and thwart snooping.
>
> so how about a start-up passphrase protecting everything
> owned by root, then another for each individual user? but
> that would cancel root's ability to read everything....
>
> hmmm.....
>
> Curt-
>
> -----Original Message-----
> From: Paul Lowe [mailto:paul@ulink.net]
> Sent: Wednesday, May 30, 2001 12:03
> To: clemens; debian-security@lists.debian.org
> Subject: Re: root fs/crypted
>
> I like this. Would it be difficult to modify Debian, so that
> upon install, it creates an encrypted root volume and starts
> things off the right way?


