On Tue, Jul 17, 2007 at 05:18:49PM +0200, Die Gestalt wrote:
> On 7/17/07, Joachim Schipper <[EMAIL PROTECTED]> wrote:
> >But why encrypt the whole disk? I can see why you'd want to encrypt user
> >data - say, /home - but why encrypt boring stuff like /usr?
>
> This makes cryptanalysis harder since it's impossible to distinguish
> interesting data from uninteresting data. You have to deal with 30 Go
> (for example) of ciphered data.
>
> In addition when the whole disk is encrypted you don't have to bother
> about is it encrypted or not, is my data secure? Yes it is, everything
> is encrypted, wherever it might be.
>
> You say that /usr is boring... Are you sure?
Pretty sure. Anyone who has access to your bootdisk will know exactly
what software you are running, and anyone capable of basic Googling will
have little problems figuring out OpenBSD is installed (Blowfish
encryption, the disklabel/partition table number, etc). Unless you
install a program called 'search-for-goat-porn', I don't think reading
/usr is going to do an attacker that much good.
And do you really think an attacker would be interested in 200 GB of
music, movies, or some holiday pics? Adding noise is the least of your
worries.
That, and if you seriously had to worry about people who could get
useful data out of a Blowfish encrypted partition, you would have better
things to do than posting here. Like running far, far away, or at least
finding a way of sending mail that can actually be relied upon to keep
your data confidential.
Joachim
--
TFMotD: fnord (X) - fnord the fnord using fnord fnord.
