root encryption vs just /home encryption?

Bruno Wolff III bruno at wolff.to
Tue Mar 25 15:12:42 UTC 2008


On Tue, Mar 25, 2008 at 14:26:34 +0000,
  "Jóhann B. Guðmundsson" <johannbg at hi.is> wrote:
> 
> All I was suggesting was that where you "hash" encrypt in anaconda there
> would be a notification
> telling the user(s) that though he encrypted the drive it would be
> vulnerable to a "cold boot" attack.
> Something along the lines of: it's better to encrypt but it's not secure
> even though governments and corporates have claimed it to be.
> 
> No need to be promoting false security..

While the various methods of dumping memory contents in order to retrieve
a luks partition key are real, the fact that they exist doesn't make using
luks encryption insecure. You may also need to worry about keyloggers,
cameras, shoulder surfing, getting the box hacked while the file systems
are mounted and connected to a network, or even the old rubber hose method.
That depends on your threat model.

I am not sure a warning at that point is worthwhile. Instead the limitations
of encrypted file systems should be covered in the same place(s) the feature
is documented. If the install points the user to anything during the install
process it should be to the feature description (possibly in the release
notes if it is well documented there).



