Re: Fedora 32 System-Wide Change proposal: Disallow Empty Password By Default

On 12/3/19 1:57 AM, John M. Harris Jr wrote:
> On Monday, December 2, 2019 12:46:30 PM MST Chris Murphy wrote:
>> It's almost 2020, and I shouldn't have to pick and choose between
>> remote access and securing user data at rest by default.
>
> You don't have to. Data at rest would mean that your system is powered off, or
> suspended to disk. You can have that now with full disk encryption, just as I
> do. Depending on your system, you can actually encrypt the entire disk such
> that you don't even have a partition table. I do this with my X200 Tablet,
> where GRUB is loaded from flash, which decrypts my disk, and then mounts ZFS
> mountpoints, swaps on a ZFS zdev.

I think Chris is referring to the fact that you have to be there when the encrypted system is restarted, to type the decryption key/password. The dilemma is this: if the decryption is automatic, it doesn't really protect the data at rest, because the boot process is not secured like it is on Android or iOS, and therefore the intruders could get in and access the now-unencrypted disk.

It is conceivable to set up some sort of location-based decryption, where you would not have to give the password if the system is on a known network, authenticating through a trusted interface to a known host, but it's not a solved problem.