Re: retrofitting LUKS encryption on installed system

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Top-post cause of BB :-(
Private keys (if stored locally), for outgoing traffic, should reside in the users home-dir.
Passwords should be replaced multi-factor strong auth's: card/token plus PIN.
Any alterations of filesystem beyond /home can be detected+reported.

Full disc encryption on a athom demands some extra patience :-)


----- Oorspronkelijk bericht -----
Van: Bill Davidsen [mailto:davidsen@xxxxxxx]
Verzonden: Saturday, June 29, 2013 10:07 PM W. Europe Standard Time
Aan: Community support for Fedora users <users@xxxxxxxxxxxxxxxxxxxxxxx>
Onderwerp: Re: retrofitting LUKS encryption on installed system

J.Witvliet@xxxxxxxxx wrote:
> -----Original Message-----
> From: users-bounces@xxxxxxxxxxxxxxxxxxxxxxx [mailto:users-bounces@xxxxxxxxxxxxxxxxxxxxxxx] On Behalf Of Fred Smith
> Sent: Friday, June 28, 2013 3:42 PM
> To: users@xxxxxxxxxxxxxxxxxxxxxxx
> Subject: retrofitting LUKS encryption on installed system
>
> I've got a F19 installation that I'd like to turn into a fully encrypted
> system with LUKS.
>
> There are many howtos on the web for encrypting a partition, but they
> all show doing it to /home.
> -----Original Message-----
>
> No, just re-install.
> One partition with /boot and another with an encrypted volume-group, holding /, swap and the rest.
>
> But before embarking on that trip, do you really need full disk encryption?
> I mean, the content of /usr is on any fedora-cd ;-) And when up-and-running, everything is unlocked.
>
> The only valid reason I can think about, is that other people have physically access to your machine and could get root-access by booting from cd/dvd, and might alter your system.
>
If they have secret access they can install evil devices, but if you are 
protecting against theft (laptops) or someone with a search warrant (NSA) comes 
and takes your drives.

> It surely works, but at a performance price. And the certainty that you have to enter the LUKS-key each time you boot.
>
The only safe place to store password info is in your head. If one other person 
has it it's not a secret, so you have to decide if losing the data is worse than 
having someone else get it. That's a policy decision, on-technical.
> ______________________________________________________________________
> Dit bericht kan informatie bevatten die niet voor u is bestemd. Indien u niet de geadresseerde bent of dit bericht abusievelijk aan u is toegezonden, wordt u verzocht dat aan de afzender te melden en het bericht te verwijderen. De Staat aanvaardt geen aansprakelijkheid voor schade, van welke aard ook, die verband houdt met risico's verbonden aan het electronisch verzenden van berichten.
>
> This message may contain information that is not intended for you. If you are not the addressee or if this message was sent to you by mistake, you are requested to inform the sender and delete the message. The State accepts no liability for damage of any kind resulting from the risks inherent in the electronic transmission of messages.
>


-- 
Bill Davidsen <davidsen@xxxxxxx>
   "We have more to fear from the bungling of the incompetent than from
the machinations of the wicked."  - from Slashdot
-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org




[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux