Jean-Luc Cooke wrote:

>USB key stores (or floppies) with a password encrypted keyfile to decrypt
>your FS is a bit better. Make the kernel prompt this, not user land. So the
>hacker would have to recompile the kernel to get your password/file/key.
>Making the "10min" problem a "30-60min" problem.
>
>JLC - participated in too many of the "crypto isn't enough" rants.

It makes no difference if it's userspace or not; just make the filesystem encrypted with a large key stored on your keychain (the USB type) and don't store it on the system _at all_. You want to make it almost as difficult as a full keyspace search (since they can still cryptanalyse the drive against known filesystem structures).

--
Michael T. Babcock
C.T.O., FibreSpeed Ltd.
http://www.fibrespeed.net/~mbabcock

-
Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/