Re: Linux disk partition encryption

To: debian-user@lists.debian.org
Subject: Re: Linux disk partition encryption
From: Jochen Schulz <ml@well-adjusted.de>
Date: Wed, 26 Jan 2011 23:24:07 +0100
Message-id: <[🔎] 20110126222407.GS4148@wasteland.homelinux.net>
Mail-followup-to: debian-user@lists.debian.org
In-reply-to: <[🔎] 20110126160149.39fd71f2.celejar@gmail.com>
References: <[🔎] ihobsl$pt9$1@dough.gmane.org> <[🔎] 20110126092929.adc7f6c8.celejar@gmail.com> <[🔎] AANLkTikyHiEaTunK3qEFzG=eGVinNBuGxNBWp1r8_e5L@mail.gmail.com> <[🔎] 20110126160149.39fd71f2.celejar@gmail.com>

Celejar:
> Brad Alexander <storm16@gmail.com> wrote:
> 
>> Linux admins used LUKS, and as a further step, I put /boot (the only
>> partition that cannot be encrypted) on a USB stick, so that if anyone
>> got the laptop, they had no access to the data.
> 
> Why does putting /boot on a USB stick gain you anything?

Because an unencrypted /boot may be altered by an attacker without you
noticing it.  Theoretically, the kernel may be replaced by another one
that reports your passphrase to the attacker.

J.
-- 
I feel yawning hollowness whilst talking to people at parties.
[Agree]   [Disagree]
                 <http://www.slowlydownward.com/NODATA/data_enter2.html>

Attachment: signature.asc
Description: Digital signature

Reply to:

Follow-Ups:
- Re: Linux disk partition encryption
  - From: Celejar <celejar@gmail.com>

References:
- Linux disk partition encryption
  - From: T o n g <mlist4suntong@yahoo.com>
- Re: Linux disk partition encryption
  - From: Celejar <celejar@gmail.com>
- Re: Linux disk partition encryption
  - From: Brad Alexander <storm16@gmail.com>
- Re: Linux disk partition encryption
  - From: Celejar <celejar@gmail.com>

Prev by Date: Re: Testing
Next by Date: Re: Mplayer question??
Previous by thread: Re: Linux disk partition encryption
Next by thread: Re: Linux disk partition encryption
Index(es):
- Date
- Thread