[ltp] Encryption - security?

[Richard Neill]

Dear All,

I wonder whether I might ask your advice on this. My aim is to use 
encryption to ensure that my data on the laptop is secure, even if 
someone steals it, even if they deliberately intend to crack it. I've 
set up the following, which works fine, but I wonder whether it is as 
secure as I think (hope) it is.

1)Set HDD password on laptop - just for extra measure. [However, I 
believe that this password can be bypassed, albeit at some expense].

2)Put /home and /var on separate partitions, mounted as encrypted 
loopback. These are mounted at boot time, and protected by 256bit AES, 
with a  35 character passphrase (albeit all words).

3)Login password is 11 characters.

As I see it:

i)It is secure if stolen while powered off, since the encryption is 
unbreakable without the passphrase. There is nothing important outside 
/home and /var  (nothing useful in /etc, or /root).

ii)While powered on, and with /home mounted, but not logged in, it is 
protected by the login password. This also protects against a network 
attack via ssh.

iii)Once logged in, I am either
    * sitting at it (in which case, not likely to be stolen)
    * running xscreensaver, with the display locked
    * suspended (apm -s) with the display locked.


Is this safe?
In particular, is it safe if stolen while the machine is suspended, with 
/home mounted, but the screen locked?
Is there any (likely) bug in the login program [assuming it's up to 
date?]. ?
Is there any way to crash X without logging me out? (running KDM).


I'll write this all up on the new thinkpad page which will replace this 
one:  http://www.richard.neill.hemscott.net/a22p-mdk9-1.html


Thanks for your advice,

Richard



P.S. Does anyone have a howto for compiling the trackpoint kernel patch 
against the mandrake default kernel? Is there any way I can just compile 
the extra module for my existing kernel? I've read this, and failed to 
understand it!
http://thinkwiki.org/wiki/Patch_to_enable_advanced_trackpoint_configuration