Re: encrypting the whole disk / all the data

On 2001-10-05, Marc Mutz <Marc.Mutz@xxxxxxxxxxxxxxxx> wrote:

> On Friday 05 October 2001 05:07, Antti Koskimäki wrote:
> > Simple question: How do I guarantee that not a single bit of my
> > essential data is written non-crypted on my Linux (laptop-)box ?
[snip]
> > Then root-filesystem.

> What for? Multiple GB's of almost-known plaintext encrypted under a
> single key just makes it easier for an attacker. You should only
> encrypt what's secret. Your /usr surely isn't!

Not speaking for Antti, but I'm concerned not just with "someone could
steal the hard drive out of my laptop" but also "someone could steal the
hard drive out of my laptop, trojan some important binaries in any
non-encrypted partitions I have, then put it back, waiting for me to use it
again and leak key material, run privileged tools while the encrypted
filesystems are mounted, etc, and then steal it again."

To provide at least some protection from that, you need some assurance of
the integrity of, basically, everything.  Plaintext /boot and encrypted
everything else still isn't good enough, as the kernel / initrd could be
swapped out by a malicious party.  So, boot off a write-once CDROM with
your handwriting on it (and/or which you carry separate from the
laptop--the business-card CDs would be good for this) and encrypt
*everything* on the hard drive.  Wouldn't hurt to also do fscks and md5sum
checking of system binaries after the hard drive is losetup, too, since
though they may not be able to do much they can surely scribble over
things.

--
Hank Leininger <hlein@xxxxxxxxxxxxxxxxxxxx> 
Then, of course, you're still trusting your BIOS, keyboard, EM
radiation...  

Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/
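
The md5sum check of system binaries suggested in the message above, as an added example that is not part of the original post: a manifest is recorded while the system is trusted, then the mounted tree is compared against it, reporting changed, missing and newly added files. The function names, the /cdrom and /mnt/root paths in the comments, and the sample tree built by demo are assumptions made for illustration; the manifest is assumed to live on the write-once boot CD.

```shell
#!/bin/sh
# Added example. Intended real use (paths are assumptions):
#   verify_tree /mnt/root /cdrom/manifest.md5 bin sbin usr/bin

# make_manifest ROOT DIR...: print "hash  path" lines, paths relative to ROOT.
make_manifest() {
    mm_root=$1; shift
    ( cd "$mm_root" && find "$@" -type f -exec md5sum {} + )
}

# verify_tree ROOT MANIFEST DIR...: print CHANGED/MISSING/ADDED lines.
# Returns 0 only when the tree matches the manifest exactly.
verify_tree() {
    vt_root=$1; vt_manifest=$2; shift 2
    vt_now=$(mktemp) || return 2
    make_manifest "$vt_root" "$@" > "$vt_now"
    # md5sum lines: 32 hex digits, two separator characters, then the path.
    # Hashes are compared as strings ("" forces that in awk).
    vt_report=$(awk '
        FILENAME == ARGV[1] { base[substr($0, 35)] = $1; next }
        { p = substr($0, 35); seen[p] = 1
          if (!(p in base))                    print "ADDED   " p
          else if ((base[p] "") != ($1 ""))    print "CHANGED " p }
        END { for (p in base) if (!(p in seen)) print "MISSING " p }
    ' "$vt_manifest" "$vt_now" | sort)
    rm -f "$vt_now"
    if [ -n "$vt_report" ]; then
        printf '%s\n' "$vt_report"
        return 1
    fi
    return 0
}

# demo: constructed sample tree standing in for the real root filesystem.
demo() {
    d=$(mktemp -d) || return 2
    mkdir -p "$d/root/bin" "$d/root/sbin"
    echo 'login v1' > "$d/root/bin/login"
    echo 'mount v1' > "$d/root/bin/mount"
    echo 'losetup'  > "$d/root/sbin/losetup"
    make_manifest "$d/root" bin sbin > "$d/manifest.md5"  # while trusted
    echo 'login v1 + extra code' > "$d/root/bin/login"    # altered binary
    rm "$d/root/bin/mount"                                # removed binary
    echo 'extra' > "$d/root/sbin/sniffer"                 # planted file
    rc=0; verify_tree "$d/root" "$d/manifest.md5" bin sbin || rc=$?
    rm -rf "$d"
    return $rc
}

if [ "${1:-}" = demo ]; then demo; fi
```

The check is only as trustworthy as the tools running it, so md5sum, find and awk should themselves come from the trusted boot medium rather than from the disk being checked.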

