Re: [SLUG] secure boot

From: steve szmidt (steve@szmidt.org)
Date: Sun Jul 24 2005 - 00:36:41 EDT


On Saturday 23 July 2005 21:42, Zoltan Patay wrote:
> 1. Password protect Grub.
> 2. Encrypt /home
> 2b. It is possible to encrypt root fs and swap as well if well
> justified or particularly paranoid (needs more expertise, but that is
> usually readily available at such level of paranoia).

I'd like to pose the view that it's a bad idea to encrypt anything but /home or
equivalent. All you are really accomplishing is making it more risky.

You have to give the system the key to run, once done it's not offering any
real security. Data should not be anywhere except where data is supposed to
be kept like in /home. So your system will boot, but your key is required and
if it does not work, well hopefully you have a backup.

You can argue that encrypting other partitions does help security and it's
true, it does help a bit. But again I don't see the value. Keep your system up
to date, lock it down and that usually does the trick just fine (talking
about Unices of course).

When I have encrypted a partition it has been on a small "safe" partition that
I created on my laptop. It only kept things I did not want to get into the
wrong, or unauthorized hands. So I had a fully operational system, but had
the valuable data locked away.

Actually at one point I forgot what the key was on one laptop, and could not
get in. Fortunately this was on one that was empty. But I was laughing over
somehow ending up in a position where I would be in contempt of court for not
letting them in. Not that I ever had anything of interest to a court, but
just the idea of being told to let them in, and saying I forgot... It would
look like a bad excuse.

-- 

Steve Szmidt

"They that would give up essential liberty for temporary safety deserve
neither liberty nor safety." Benjamin Franklin

-----------------------------------------------------------------------
This list is provided as an unmoderated internet service by Networked
Knowledge Systems (NKS). Views and opinions expressed in messages posted
are those of the author and do not necessarily reflect the official policy
or position of NKS or any of its employees.
