On Thu, Aug 06, 2009 at 19:21 -0500, Manoj Srivastava wrote: > On Thu, Aug 06 2009, Siggy Brentrup wrote: > > > On Tue, Aug 04, 2009 at 18:50 -0500, line...@halo.nu wrote: > >> Hi - > > > >> I have a Debian Etch system which I recently upgraded to v5.0.2. > >> The file system was encrypted with LUKS at install time. > > > > Please bear with me, I'm asking this out of curiousity. Why did you > > encrypt the full root FS? I can understand that you want your $HOME > > encrypted, to a lesser degree I can follow you even with /etc, /tmp > > and /var, but why do you take the performance penalty on publically > > available stuff? > > Because I have /etc, /var/lib/dpkg, and /usr/local; all kinds of > things in /var and /tmp can be sensitive. I encrypt everything except > /boot -- even swap. > > All this increases the work-factor fro Mallory -- now, it is > somewhat hard to even figure out where each encrypted partition begins, > and you can't see what exactly it is that I am running, and it makes > it a little harder to inject things on my machine that will be resident > in memory and steal the information. > > Encryption is not just about confidentiality, it has an > integrity component as well.
Thanks Manoj, always I'm pleased to read your insights. I assume with
Mallory you are referring to the charater from
http://en.wikipedia.org/wiki/Alice_and_Bob
I had to search for it, but am catching up quickly I hope.
Thanks
Siggy
--
Please don't Cc: me when replying, I might not see either copy.
bsb-at-psycho-dot-informationsanarchistik-dot-de
or: bsb-at-psycho-dot-i21k-dot-de
O< ascii ribbon campaign - stop html mail - www.asciiribbon.org
signature.asc
Description: Digital signature
