On Thu, Aug 06, 2009 at 19:21 -0500, Manoj Srivastava wrote:
> On Thu, Aug 06 2009, Siggy Brentrup wrote:
>
> > On Tue, Aug 04, 2009 at 18:50 -0500, lineman@halo.nu wrote:
> >> Hi -
> >
> >> I have a Debian Etch system which I recently upgraded to v5.0.2.
> >> The file system was encrypted with LUKS at install time.
> >
> > Please bear with me, I'm asking this out of curiousity. Why did you
> > encrypt the full root FS? I can understand that you want your $HOME
> > encrypted, to a lesser degree I can follow you even with /etc, /tmp
> > and /var, but why do you take the performance penalty on publically
> > available stuff?
>
> Because I have /etc, /var/lib/dpkg, and /usr/local; all kinds of
> things in /var and /tmp can be sensitive. I encrypt everything except
> /boot -- even swap.
>
> All this increases the work-factor fro Mallory -- now, it is
> somewhat hard to even figure out where each encrypted partition begins,
> and you can't see what exactly it is that I am running, and it makes
> it a little harder to inject things on my machine that will be resident
> in memory and steal the information.
>
> Encryption is not just about confidentiality, it has an
> integrity component as well.
Thanks Manoj, always I'm pleased to read your insights. I assume with
Mallory you are referring to the charater from
http://en.wikipedia.org/wiki/Alice_and_Bob
I had to search for it, but am catching up quickly I hope.
Thanks
Siggy
--
Please don't Cc: me when replying, I might not see either copy.
bsb-at-psycho-dot-informationsanarchistik-dot-de
or: bsb-at-psycho-dot-i21k-dot-de
O< ascii ribbon campaign - stop html mail - www.asciiribbon.org
Attachment:
signature.asc
Description: Digital signature