-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Friday 05 October 2001 05:07, Antti Koskimäki wrote:
> Simple question: How do I guarantee that not a single bit of my
> essential data is written non-crypted on my Linux (laptop-)box ?
<snip>
Encrypt the users' and root's homes, and swap, if used:
/home
/root
swap
If you spool sensitive data, encrypt /var, too.
> Then root-filesystem.
What for? Multiple GB's of almost-known plaintext encrypted under a
single key just makes it easier for an attacker. You should only
encrypt what's secret. Your /usr surely isn't!
Marc
- --
In July, [...] the FBI arrested a Russian computer security researcher
who had presented a paper on the strengths and weaknesses of software
used to protect electronic books. Dmitry Sklyarov [...] landed in jail
because the Digital Millennium Copyright Act (DMCA) makes publishing
critical research on this technology a more serious offense than
publishing nuclear weapon designs.
-- Bruce Schneier, Crypto-Gram Aug 2001
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE7vgz+3oWD+L2/6DgRAnlaAJ4tVONQArSzX3eTNEl8KvYyDTFZMACgwDoi
rmlUkPMM8EAF6BgxUc3PvCA=
=mvHE
-----END PGP SIGNATURE-----
Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/
