Celejar: > Brad Alexander <[email protected]> wrote: > >> Linux admins used LUKS, and as a further step, I put /boot (the only >> partition that cannot be encrypted) on a USB stick, so that if anyone >> got the laptop, they had no access to the data. > > Why does putting /boot on a USB stick gain you anything?
Because an unencrypted /boot may be altered by an attacker without you
noticing it. Theoretically, the kernel may be replaced by another one
that reports your passphrase to the attacker.
J.
--
I feel yawning hollowness whilst talking to people at parties.
[Agree] [Disagree]
<http://www.slowlydownward.com/NODATA/data_enter2.html>
signature.asc
Description: Digital signature
