encrypted disc hint

Archaic archaic at linuxfromscratch.org
Sun Jun 5 06:03:47 PDT 2005


On Sun, Jun 05, 2005 at 07:30:44AM -0400, Robert Connolly wrote:
> How do you guys feel about adding support for encrypting disks to the book? I 
> know not everyone will use it, maybe some xml magic can help. I foresee four 
> models:
> 	Green (Low) - Encrypt swap only

If swap is flushed at shutdown, and since it cannot be read unless one
is root (or has a mis-configured box), what exactly does swap encryption
add other than a false sense of security?

> 	Yellow (Medium) - Encrypt swap, /tmp, /var/tmp, /home, and backup media

I can see the usefulness of /tmp, /var/tmp, and /home. I can even see
the usefulness of backup media, but that is to assume that the book
should handle exactly *how* a system gets backed up so it can dictate
how it is encrypted. That, IMO, is well beyond the scope of the book as
I don't see how we should dictate backup policy (though we should add a
chapter on safe admin practices). Also, one thing to note would be the
use of /tmp. If it gets hit regularly on a system, performance will
drop, though I would imagine most programs don't need extensive use of
it (except for compiling and such which would be silly on such a machine
anyway).

> 	Orange (High) - Encrypt everything
> 	Red (Tinfoil helmet) - Encrypt everything and make it deniable

No. I'm the one people call paranoid and even I think this is
ridiculously overboard. There is a huge performance hit and we aren't
targeting a commercial/military grade customer base.



-- 
Archaic

Want control, education, and security from your operating system?
Hardened Linux From Scratch
http://www.linuxfromscratch.org/hlfs




More information about the hlfs-dev mailing list