On Wed, 11 May 2011, Dominic Hargreaves wrote: > > Sorry but if you alternate physical possession of a laptop with someone whom > > you suspect of being hostile, no files are secure as long as they're stored > > on that laptop. > > This is not necessarily the case if a per-user encrypted filestore, > such as ecryptfs, is in use (where a user may be unlocking access to > their home directory at the same time as logging in, via a pam hook).
I suppose you do have done the non-trivial steps required to secure the box against a rogue kernel install by the 'untrusted' person? This is only one possible attack vector. There are others. There are defenses, but they go way beyond 'a per-user encrypted filesystem'. -- "One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie." -- The Silicon Valley Tarot Henrique Holschuh -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20110512012603.gb31...@khazad-dum.debian.net