encrypted root filesystem

Bennett Todd bet at rahul.net
Mon Feb 23 13:37:15 PST 2004


2004-02-23T16:29:14 Ian Molton:
> On Mon, 23 Feb 2004 16:23:18 -0500
> Bennett Todd <bet at rahul.net> wrote:
> > My favourite is laptops. If you have to enter a passphrase at bootup
> > time to enable access to the hard disk, and there's good strong
> > crypto well-implemented, then losing the laptop (or having it
> > stolen) can cease to be a data disclosure threat.
> 
> crypto filesystems are the solution here because...

...they can offer a reasonable tradeoff of [in]convenience -vs-
[in]security.

If a passphrase must be known to access the contents of a hard
drive, then a lost laptop represents loss of the data (any that
wasn't backed up), loss of access to the device, the replacement
cost of the device, etc.

If the data on the drive isn't encrypted then a lost or stolen
laptop puts the data into the hands of the finder or thief.

There are other approaches; files can be individually encrypted. But
by and large that's less convenient. Encrypting the whole
filesystem or partition or drive lets a user present their
passphrase once each time the system boots up, and requires no
special helper support in apps.

-Bennett
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.linuxfromscratch.org/pipermail/hlfs-dev/attachments/20040223/ecf69efb/attachment.sig>


More information about the hlfs-dev mailing list