
Re: Etch to 5.0.2 upgrade failed - Encrypted filesystem will not boot



On Thu, Aug 06 2009, Siggy Brentrup wrote:

> On Tue, Aug 04, 2009 at 18:50 -0500, lineman@halo.nu wrote:
>> Hi -
>
>> I have a Debian Etch system which I recently upgraded to v5.0.2.
>> The file system was encrypted with LUKS at install time.
>
> Please bear with me, I'm asking this out of curiosity.  Why did you
> encrypt the full root FS?  I can understand that you want your $HOME
> encrypted, to a lesser degree I can follow you even with /etc, /tmp
> and /var, but why do you take the performance penalty on publicly
> available stuff?

        Because I have /etc, /var/lib/dpkg, and /usr/local; all kinds of
 things in /var and /tmp can be sensitive. I encrypt everything except
 /boot -- even swap.

        All this increases the work-factor for Mallory -- now, it is
 somewhat hard to even figure out where each encrypted partition begins,
 and you can't see what exactly it is that I am running, and it makes
 it a little harder to inject things on my machine that will be resident
 in memory and steal the information.

        Encryption is not just about confidentiality, it has an
 integrity component as well.

        manoj
-- 
MIT: The Georgia Tech of the North
Manoj Srivastava <srivasta@acm.org> <http://www.golden-gryphon.com/>  
1024D/BF24424C print 4966 F272 D093 B493 410B  924B 21BA DABB BF24 424C

