On Mon, 3 Jul 2017 02:00:22 +0200, Alessandro wrote in message <20170703020022.7ede7fb3@ayu>:
> On Mon, 3 Jul 2017 01:03:13 +0200
> Arnt Karlsen <a...@iaksess.no> wrote:
>
> > On Mon, 3 Jul 2017 00:42:52 +0200, Alessandro wrote in message
> > <20170703004252.748a9c7f@ayu>:
> >
> >> On Wed, 28 Jun 2017 19:38:11 +0200
> >> Didier Kryn <k...@in2p3.fr> wrote:
> >>
> >>> On 28/06/2017 at 15:40, Stephan Seitz wrote:
> >>> > And today you should always encrypt your discs.
> >>>
> >>> I don't see any reason to encrypt /usr. You might like to
> >>> encrypt /etc because it contains user names and (already
> >>> encrypted) passwords. But definitely there is no reason to
> >>> encrypt everything.
> >>
> >> Valid reasons to encrypt /usr include:
> >>
> >> 1) /usr resides on the same partition as / and/or /home (trivial
> >>    case);
> >> 2) protecting its files from being tampered with when the
> >>    device is offline;
> >> 3) making it harder for someone who can access your
> >>    offline HD to understand which partition is /, or /usr or /home, so
> >>    that the attacker will have to try to decrypt them all;
> >> 4) you put stuff in /usr/local that might contain
> >>    keys/passwords/sensitive information that would better be kept
> >>    protected.
> >
> > ..if you wanna protect /usr/local, chop that off /usr and
> > encrypt, mount etc them all as you damned please.
>
> /usr/local was standardized for a reason. You might do as you like
> on your personal PC, maybe you're not as free to do the same on your
> company's server/workstation.

..a corner case might be company centralized maintenance on
hardware where you mount your handy encrypted /usr/local, /opt,
/home/arnt etc while keeping the company un-encrypted hardware
accessible for e.g. airport etc 'Securitate.'

> You might have /opt bind-mounted
> on /usr/local, and have lots of stuff there you don't want to peruse
> to see if any of it would better be kept away from prying eyes (like
> VM images). What specific reasons do you have *not* to encrypt /usr
> in a machine that has / and /home encrypted? What do you gain by
> that?

..not much, all valid reasons to encrypt.

On Mon, 3 Jul 2017 02:20:22 +0200, Alessandro wrote in message
<20170703022022.2e7ff012@ayu>:

> I forgot to mention: leaking your collection of installed software
> is sometimes itself leaking personal and possibly sensitive
> information about yourself and your business, for the same reasons
> TCP/IP traffic metadata is important in its own right.

..precisely, can easily be done by e.g. airport etc 'Securitate'
or by your own network traffic.

> Plus, if you travel extensively, you might not know if the place
> you're traveling into has enacted some restrictions on the kind of
> software you are allowed to own and run.

..precisely, is why you research upfront and plan ahead, even for
tin foil kinda stuff ... oh wait, who's #45? ;oD

-- 
..med vennlig hilsen = with Kind Regards from Arnt Karlsen
...with a number of polar bear hunters in his ancestry...
  Scenarios always come in sets of three:
  best case, worst case, and just in case.
_______________________________________________
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng