On Wed, Jul 19, 2006 at 11:17:33PM +0700, Dave Patterson wrote: > * Digby Tarvin <[EMAIL PROTECTED]> [2006-07-19 15:58:19 +0100]: > > > In my opinion it is more secure to keep confidential data in a > > dedicated encrypted partition which is only initialised and mounted > > when really needed. If you are really paranoid, you can remove your > > network connection whenever the secred data is mounted. > > > > If you have the entire system encrypted and mount everything at boot, > > then your data is only safe with the computer is turned off. A hacker > > who gains root has everything... > > > The flipside to that is the cracker that searches journals on journalled > filesystems for sensitive data (keys for encrypted partitions, even the > sensitive document itself). > > A healthy dose of paranoia is in order here. Look at how you plan to > manage your encrypted data.
I'm not sure that I see how any of the sensitive data would find its way into the journal of a an unencrypted filesystem? Unless of course anyone were silly enough to copy stuff there... Two extra caveats I neglected to mention is: 1. I create 'secure' users with home directories in the secure home partition. When I access secure data, I mount the partition and then have to log in as my secure alter-ego. This is very important to ensure that your browser caches etc are also encrypted. The secure users shouldn't have write access to any unencrypted filesystem, including /tmp, to prevent inadvertant data compromise. I use a swap backed memory based filesystem for /tmp - ramfs or tmpfs, I can never remember which is which :-/ 2. If the data is very sensitive, either encrypt your swap partition or disable it when the secure partition is mounted. Regards, DigbyT -- Digby R. S. Tarvin digbyt(at)digbyt.com http://www.digbyt.com -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
