encrypted root filesystem

Dagmar d'Surreal dagmar.wants at nospam.com
Sat Feb 28 07:36:23 PST 2004


On Tue, 2004-02-24 at 08:44, Gregory Davis wrote:

> [...] I long for the day when I insert a smartcard into
> a slot on the computer and all my data are unbeatably encrypted for their
> entire lifetime, and it all happens on the fly, and transparent to the
> kernel.

Step #1.  Buy a USB "memory key" of 128Mb or so in size (~$50, mentions
of lesser/greater prices should be kept to oneself, this is a ballpark
figure).

Step #2.  Look into how to boot from the memory key plugged into your
USB port.  Stick your root filesystem on there, shut down and take it
with you when you're away from the machine.  Many come with lanyards for
wearing around the neck for extra geek chic.

Step #3.  Implement cryptographic filesystems across the entire IDE
disk.

Step #4.  Make a bloody backup of the filesystem on your memory key and
put it somewhere safe.  Without it, your data is gone, gone, _gone_ (or
at least inaccessible until you're 85 years old).

Step #5.  Try to mutter incoherently about speed tradeoffs when drunk.

Step #6.  Come to grips with the fact that hardware-based total disk
strong encryption isn't likely to become available to the consumer,
ever, with the current political regimes in place.
-- 
The email address above is phony because my penis is already large enough, kthx. 
              AIM: evilDagmar  Jabber: evilDagmar at jabber.org




More information about the hlfs-dev mailing list