encrypted root filesystem

Bennett Todd bet at rahul.net
Tue Feb 24 06:25:50 PST 2004


2004-02-23T17:43:06 Ian Molton:
> I remain unconvinced. encrypting an entire filesystem gives you
> loads of known plaintext (and binaries, potentially).

Known plaintext (and even stronger, chosen plaintext) are attacks
against which a cryptosystem must be completely robust for it to be
considered a good one. Amateur efforts often fail this. But
something as simple as a good passphrase used as the key for a good
block cypher (e.g. AES) has no problems with known plaintext.

> I havent seen a problem yet that isn't better solved by
> application level crypto.

Then you may not have dealt much with normal users with their normal
feelings about any tradeoff that has "convenience" on one side of
the -vs-.

-Bennett
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.linuxfromscratch.org/pipermail/hlfs-dev/attachments/20040224/939dbf3e/attachment.sig>


More information about the hlfs-dev mailing list