Because if your laptop gets stolen, the odds are that they will not
get the USB drive. Thus, it is another layer of security. Plus, if
they have /boot, they will be prompted for the passphrase, which means
they can brute force it. If /boot is missing, then all they get is a
grub message saying "Grub error 11".

I admit that most people stealing a laptop are more interested in the
hardware than the data, and that unless you are running a custom
kernel, it wouldn't be rocket science to generate a new /boot, but
again, it is another layer and would probably dissuade the script
kiddy.

--b

On Wed, Jan 26, 2011 at 4:01 PM, Celejar <cele...@gmail.com> wrote:
> [Please don't cc me on replies.]
>
> On Wed, 26 Jan 2011 15:48:15 -0500
> Brad Alexander <stor...@gmail.com> wrote:
>
> ...
>
>> Linux admins used LUKS, and as a further step, I put /boot (the only
>> partition that cannot be encrypted) on a USB stick, so that if anyone
>> got the laptop, they had no access to the data.
>
> Why does putting /boot on a USB stick gain you anything?
>
> Celejar
> --
> foffl.sourceforge.net - Feeds OFFLine, an offline RSS/Atom aggregator
> mailmin.sourceforge.net - remote access via secure (OpenPGP) email
> ssuds.sourceforge.net - A Simple Sudoku Solver and Generator
>
>

