begin quoting Tracy R Reed as of Thu, Sep 14, 2006 at 11:22:13AM -0700: > Todd Walton wrote: > >On 9/14/06, Wade Curry <[EMAIL PROTECTED]> wrote: > >>I can't think of any significant benefit. > > > >So somebody can't just boot a livecd and access your filesystem! > >That's good enough reason for me. I, personally, am willing to endure > >the drawbacks in the name of research. Someday there won't be > >drawbacks. > > I am beginning to think that every laptop should have an encrypted > filesystem. If the laptop gets stolen it's no big deal. You only lose > the hardware and not your data to identity thieves (which you have > safely backed up at home, right?). If this were common practice it would > end all of these stories about peoples SSN's and secret government data > being lost with laptops.
Um, no. Watch what happens in practice when those sorts of constraints are imposed. If losing the passphrase makes the hardware unavailable (and remember that "Available" is part of security these days) user *will* use post-its or sharpie-on-tape to associated the password with the laptop. Encrypting the data on a laptop isn't a bad thing -- ESPECIALLY if you're going to cross international borders and perhaps have your laptop confiscated and searched. (And how soon before the TSA starts demanding the same for domestic flights?) If the majority of the users were to encrypt their hard-drives as a matter of course, then the benefit of confiscation-and-search would go way down, hopefully to the point where it's not worth the effort. I think that if you have an encrypted system disk, you should have TWO... and you choose which one to boot depending on the passphrase provided. (And maybe a passphrase that indicates "destroy all information NOW", presumably by deleting the keys used to encrypt/decrypt the drive.) -- _ |\_ \| -- [email protected] http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
