-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Stewart Stremler wrote: > Um, no.
Um, yes. > Watch what happens in practice when those sorts of constraints are > imposed. If losing the passphrase makes the hardware unavailable (and > remember that "Available" is part of security these days) user *will* > use post-its or sharpie-on-tape to associated the password with the > laptop. That is perfectly fine! I *advocate* writing down passwords. In fact I write my root passwords on post-its. It is better than choosing an easily guessable password. > Encrypting the data on a laptop isn't a bad thing -- ESPECIALLY if > you're going to cross international borders and perhaps have your > laptop confiscated and searched. (And how soon before the TSA starts > demanding the same for domestic flights?) Indeed. > If the majority of the users were to encrypt their hard-drives as a > matter of course, then the benefit of confiscation-and-search would > go way down, hopefully to the point where it's not worth the effort. Yep. > I think that if you have an encrypted system disk, you should have > TWO... and you choose which one to boot depending on the passphrase > provided. That's a good idea. > (And maybe a passphrase that indicates "destroy all information NOW", > presumably by deleting the keys used to encrypt/decrypt the drive.) As is this one. - -- Tracy R Reed http://ultraviolet.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iD8DBQFFCkDq9PIYKZYVAq0RAqyvAJ4zcE9tD1daV75P/lYM0ADZzwBWqQCfbNAZ prD4JA+FONd2IY3Zu8sLBPI= =IkdM -----END PGP SIGNATURE----- -- [email protected] http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
