On Fri, Oct 05, 2001 at 09:41:50PM +0200, Marc Mutz wrote:
> > Simple question: How do I guarantee that not a single bit of my
> > essential data is written non-crypted on my Linux (laptop-)box ?
> <snip>
> > Then root-filesystem.
> What for? Multiple GB's of almost-known plaintext encrypted under a
> single key just makes it easier for an attacker. You should only
> encrypt what's secret. Your /usr surely isn't!

That is a good point, but not the only way of looking at it. My thoughts
in wanting to encrypt the root filesystem are that an attacker would have
to spend a lot of energy to get at useless data.

I figure that the TLA's have taken multiple GB's of fully-known plaintext,
and they have done a lot of research looking for ways to crack all the
known algorithms. If that hasn't taught them how to do it, my /usr isn't
going to help them. Or if it *has* worked and they know how to break my
algorithm, they'll get my data anyway, and I might as well hide my
needles[1] in a bigger haystack.

Rob - /dev/rob0

[1] No, there are no needles. :) For those of you who are not native
English speakers, that is a common idiom to describe a difficult search.

Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/