Re: Linux disk partition encryption
Because if your laptop gets stolen, the odds are that they will not
get the USB drive. Thus, it is another layer of security. Plus, if
they have /boot, they will be prompted for the passphrase, which means
they can brute force it. If /boot is missing, then all they get is a
grub message saying "Grub error 11".
I admit that most people stealing a laptop are more interested in the
hardware than the data, and that unless you are running a custom
kernel, it wouldn't be rocket science to generate a new /boot, but
again, it is another layer and would probably dissuade the script
kiddy.
--b
On Wed, Jan 26, 2011 at 4:01 PM, Celejar <celejar@gmail.com> wrote:
> [Please don't cc me on replies.]
>
> On Wed, 26 Jan 2011 15:48:15 -0500
> Brad Alexander <storm16@gmail.com> wrote:
>
> ...
>
>> Linux admins used LUKS, and as a further step, I put /boot (the only
>> partition that cannot be encrypted) on a USB stick, so that if anyone
>> got the laptop, they had no access to the data.
>
> Why does putting /boot on a USB stick gain you anything?
>
> Celejar
> --
> foffl.sourceforge.net - Feeds OFFLine, an offline RSS/Atom aggregator
> mailmin.sourceforge.net - remote access via secure (OpenPGP) email
> ssuds.sourceforge.net - A Simple Sudoku Solver and Generator
>
>
Reply to: