
Re: Linux disk partition encryption



Celejar:
> Brad Alexander <storm16@gmail.com> wrote:
> 
>> Linux admins used LUKS, and as a further step, I put /boot (the only
>> partition that cannot be encrypted) on a USB stick, so that if anyone
>> got the laptop, they had no access to the data.
> 
> Why does putting /boot on a USB stick gain you anything?

Because an unencrypted /boot may be altered by an attacker without you
noticing it.  Theoretically, the kernel may be replaced by another one
that reports your passphrase to the attacker.

J.
-- 
I feel yawning hollowness whilst talking to people at parties.
[Agree]   [Disagree]
                 <http://www.slowlydownward.com/NODATA/data_enter2.html>

Attachment: signature.asc
Description: Digital signature

