The Future of SELinux
bofh at stremler.net
Thu Sep 14 12:09:25 PDT 2006
begin quoting Tracy R Reed as of Thu, Sep 14, 2006 at 11:22:13AM -0700:
> Todd Walton wrote:
> >On 9/14/06, Wade Curry <wade-ml-kplug at syntaxman.org> wrote:
> >>I can't think of any significant benefit.
> >So somebody can't just boot a livecd and access your filesystem!
> >That's good enough reason for me. I, personally, am willing to endure
> >the drawbacks in the name of research. Someday there won't be
> I am beginning to think that every laptop should have an encrypted
> filesystem. If the laptop gets stolen it's no big deal. You only lose
> the hardware and not your data to identity thieves (which you have
> safely backed up at home, right?). If this were common practice it would
> end all of these stories about people's SSNs and secret government data
> being lost with laptops.
Watch what happens in practice when those sorts of constraints are
imposed. If losing the passphrase makes the hardware unavailable (and
remember that "Available" is part of security these days) users *will*
use post-its or sharpie-on-tape to associate the password with the
Encrypting the data on a laptop isn't a bad thing -- ESPECIALLY if
you're going to cross international borders and perhaps have your
laptop confiscated and searched. (And how soon before the TSA starts
demanding the same for domestic flights?)
If the majority of the users were to encrypt their hard-drives as a
matter of course, then the benefit of confiscation-and-search would
go way down, hopefully to the point where it's not worth the effort.
I think that if you have an encrypted system disk, you should have
TWO... and you choose which one to boot depending on the passphrase
(And maybe a passphrase that indicates "destroy all information NOW",
presumably by deleting the keys used to encrypt/decrypt the drive.)