encrypted root filesystem

Ian Molton spyro at f2s.com
Mon Feb 23 15:34:38 PST 2004


On Tue, 24 Feb 2004 10:21:03 +1100
Thomas Sutton <thsutton at tasmaniac.net> wrote:

> The other benefit that an encrypted fs/dev has over encrypted files is
> the deniability.

So don't name your file 'top secret dirty porno' then

> Regarding the "it provides lots of known plain text" argument: if you
> can tell me a way to determine which particular blocks in a given
> filesystem,

AIUI there is no requirement to know where the known plaintext is. It
merely helps.

> Even
> if you could, you would only be able to guess at which particular 3
> block file is /bin/false,

You don't need to. You only need to know that the blocks are there, not where they are. It's not like they're small - 512K at a time or worse...

> I don't think that
> anyone who needed to run crypted fs' would be so foolish (if I may be
> so bold) as to waste time and space encrypting non-sensitive
> information. 

I'm still unconvinced that even small partitions need it, but it is a far more sensible way to do it (looped files is even better). Perhaps one day I'll see that 'killer app'. Until then I will remain unconvinced but safe in the knowledge it's already been developed...


-- 
Spyros lair: http://www.mnementh.co.uk/   ||||   Maintainer: arm26 linux

Do not meddle in the affairs of Dragons, for you are tasty and good with
ketchup.



More information about the hlfs-dev mailing list