Todd Walton([EMAIL PROTECTED])@Thu, Sep 14, 2006 at 07:02:51AM -0500:
> On 9/14/06, Wade Curry <[EMAIL PROTECTED]> wrote:
> >> begin quoting Todd Walton as of Wed, Sep 13, 2006 at 09:31:20PM -0500:
> >> > On 9/12/06, James G. Sack (jim) <[EMAIL PROTECTED]> wrote:
> >> > >accessing the filesystem on the hd by booting a livecd, or plugging
> >the
> >> > >hd into another system, or..
> >> >
> >> > Not if you have a dm-crypt encrypted root filesystem.
> >>
> >Does anyone really do that? What would be the point?? I'm referring
> >to encrypting the root fs; I know that people wipe and reinstall.
> >;)
> >
> >I can't think of any significant benefit.
>
> So somebody can't just boot a livecd and access your filesystem!
> That's good enough reason for me. I, personally, am willing to endure
> the drawbacks in the name of research. Someday there won't be
> drawbacks.
I think you misunderstood my question. I see a clear benefit to
encrypted file systems in general. Specifically, encrypting the
*root* filesystem seems rather useless to me. I can't think of
anything in any of my root partitions that is sensitive data. In
fact, if you install Debian Sarge, you have a good snapshot of what
is in my root partition without any of the hassle of cracking my
machines.
It makes complete sense to me to encrypt stuff in /home and other
filesystems that have installation-specific data, or personal data.
I just can't see a benefit in putting that extra overhead into
accessing /bin/${shell}.
Wade Curry
syntaxman
--
[email protected]
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
