encrypted root filesystem

Ian Molton spyro at f2s.com
Mon Feb 23 14:43:06 PST 2004


On Mon, 23 Feb 2004 15:54:22 -0600
Dagmar d'Surreal <dagmar.wants at nospam.com> wrote:

> > > The Encrypted-Root-Filesystem-HOWTO doesn't encrypted the
> > > partition table. 
> > 
> > encrypted filesystems are stupid.
> 
> No, they're not.  You should be ashamed of yourself for posting such a
> comment.

I remain unconvinced. encrypting an entire filesystem gives you loads of
known plaintext (and binaries, potentially).

I havent seen a problem yet that isnt better solved by application level
crypto.

The *only* argument I have seen that holds any water is that at app
level every app will need a certain degree of vetting. This is a much
smaller risk if proper use of libraries is used.

-- 
Spyros lair: http://www.mnementh.co.uk/   ||||   Maintainer: arm26 linux

Do not meddle in the affairs of Dragons, for you are tasty and good with
ketchup.



More information about the hlfs-dev mailing list