On Wed, 26 Jan 2011 16:21:41 -0500 Brad Alexander <stor...@gmail.com> wrote:
> Because if your laptop gets stolen, the odds are that they will not > get the USB drive. Thus, it is another layer of security. Plus, if > they have /boot, they will be prompted for the passphrase, which means > they can brute force it. If /boot is missing, then all they get is a > grub message saying "Grub error 11". > > I admit that most people stealing a laptop are more interested in the > hardware than the data, and that unless you are running a custom > kernel, it wouldn't be rocket science to generate a new /boot, but > again, it is another layer and would probably dissuade the script > kiddy. What I meant was just that it's trivial to write a /boot, so there's no real security gain. > --b > > On Wed, Jan 26, 2011 at 4:01 PM, Celejar <cele...@gmail.com> wrote: > > [Please don't cc me on replies.] > > > > On Wed, 26 Jan 2011 15:48:15 -0500 > > Brad Alexander <stor...@gmail.com> wrote: > > > > ... > > > >> Linux admins used LUKS, and as a further step, I put /boot (the only > >> partition that cannot be encrypted) on a USB stick, so that if anyone > >> got the laptop, they had no access to the data. > > > > Why does putting /boot on a USB stick gain you anything? > > > > Celejar > > -- > > foffl.sourceforge.net - Feeds OFFLine, an offline RSS/Atom aggregator > > mailmin.sourceforge.net - remote access via secure (OpenPGP) email > > ssuds.sourceforge.net - A Simple Sudoku Solver and Generator > > > > > > > -- > To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org > with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org > Archive: > http://lists.debian.org/aanlktinofcwvlvy1yn4jdxtjvuynhvop4zysy6n74...@mail.gmail.com Celejar -- foffl.sourceforge.net - Feeds OFFLine, an offline RSS/Atom aggregator mailmin.sourceforge.net - remote access via secure (OpenPGP) email ssuds.sourceforge.net - A Simple Sudoku Solver and Generator -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20110126165646.1be97ecc.cele...@gmail.com
