Celejar: > Brad Alexander <storm16@gmail.com> wrote: > >> Linux admins used LUKS, and as a further step, I put /boot (the only >> partition that cannot be encrypted) on a USB stick, so that if anyone >> got the laptop, they had no access to the data. > > Why does putting /boot on a USB stick gain you anything? Because an unencrypted /boot may be altered by an attacker without you noticing it. Theoretically, the kernel may be replaced by another one that reports your passphrase to the attacker. J. -- I feel yawning hollowness whilst talking to people at parties. [Agree] [Disagree] <http://www.slowlydownward.com/NODATA/data_enter2.html>
Attachment:
signature.asc
Description: Digital signature