On Sun, 2010-06-27 at 01:34 +0200, Arno Wagner wrote:
> Hmm. You know, encrypted root is a problem and pretty difficult
> to do in the first place. Why not just encrypt the critical
> parts, like /var /home /root? The rest only holds binaries
> and config files anyways, which are not that sensitive...

They're actually very sensitive, against compromise "when I'm not there" and the device is e.g. shut down (or even running).
An attacker with access to my device could easily add e.g. a rootkit when I'm not there, which just waits until I once decrypt the "important stuff" and sends the key/data back home.

dm-crypt largely protects you from this. Even if it doesn't give you mathematical integrity/authenticity, it's still very difficult for an attacker to do reasonable attacks (other than destroying your data) because he neither knows where to change, nor to which value.

Cheers,
Chris.
_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt