[ltp] Suspend with crypted swap?

Konstantin Filtschew linux-thinkpad@linux-thinkpad.org
Sat, 08 Sep 2007 09:45:01 +0200


Hi,

I think it makes sense to encrypt all partitions. I use encryption
to protect my system against local attacks:
- mounting the hd with a boot disk
- trying to manipulate your system, if your system is at home and you are
not
- If someone tries to plant a trojan on your system, they would be able to
if not all of your partitions are encrypted. Especially /bin and /sbin
are great places for trojans.
- all partitions must be encrypted, because people make mistakes and you
can accidentally save a file containing secret information on the wrong
partition. This protection is of course more against yourself, but I
think there is no one who doesn't make mistakes.

For me, encrypting partitions is a thing for protecting my system against
attackers sitting in front of my system when I can't stop them from doing
this.


My 2 cents

Regards,

Konstantin


On Fri, 2007-09-07 at 22:17 +0200, Igor V. Rafienko wrote:
> on Sep 7, 2007, 15:54, U Kuehn wrote:
>
> [ ... ]
>
> > Is this enough reason for you to suspend into encrypted swap?
>
>
> I think we were talking past each other.
>
> I am all for encrypted swap (and suspending to it). But to me it makes no
> sense to encrypt /, or /var or anything else except:
>
> * /home
> * /tmp
> * swap
>
> ... because none of the information in / is really a secret, except the
> aforementioned partitions. There is of course stuff like /etc/shadow and
> /etc/wpa_supplicant.conf (but it can be moved to an encrypted partition),
> but other than that, what is in cleartext in / that is NOT located on the
> partitions above?
>
>
> ivr
> --
> which means that the language definition allows the compiler to do
> anything whatsoever with it, including translating it into code that makes
> small gnomes dance around the screen and shout abuse at the programmer.
>  		-- Henning Makholm on "undefined behaviour"
--
Building an operating system without source code
is like buying a self-assembly space shuttle without
instructions.
