Boston Linux & Unix (BLU) Home | Calendar | Mail Lists | List Archives | Desktop SIG | Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings
Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU

BLU Discuss list archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Discuss] Full disk encryption, why bother?



Richard Pieri wrote:
> Tom Metro wrote:
>> Are you using full disk encryption?
> 
> I don't.  I take care of my gear.  I made this statement before: I
> see WDE as enabler for carelessness.

The EFF article I quoted references a prior EFF article on border
crossing inspections. The encouragement to encrypt was more for privacy
than for theft prevention.

As someone who goes through US Customs several times a year, this gives
me some concern, albeit minor. You may think you have nothing to hide,
but why open yourself up to a potential fishing expedition? With the way
copyright laws are trending (see SOPA), it wouldn't surprise me if being
caught with a downloaded broadcast TV show on your computer will someday
 result in felony charges.


> Never mind that I have a pair of Mac Minis playing server.  Sometimes
> they need to be restarted remotely.  Can't do that with WDE.

I guess for that you'd need a console server.


Daniel Feenberg wrote:
> I don't see much point in encrypting data on a network server - if the
> disk is mounted then the plain-text is available to an intruder and the
> addition of an encrypted version doesn't enhance security.

It does if the intruder is physically stealing the disk drive or the
server. This would also likely apply in a government seizure scenario.
They'd likely remove the equipment from the premises first, and attempt
access later. (Though maybe they've wised up to this possibility?0

So yeah, you're guarding against a highly unlikely scenario, but it
still has some benefit.


> I have used Truecrypt, but am put off by the documentation, which
> suggests that the primary purpose of encryption is to avoid police
> inspection. As xkcd pointed out, this is hopeless
> ( http://xkcd.com/538/ ).

[The cartoon makes the point that you can be tortured with a $5 wrench
to give up your password, so your high-tech encryption is pointless.]

But this is what plausible deniability is all about:
http://www.truecrypt.org/docs/?s=plausible-deniability

If you're in a situation where law enforcement *knows* you have
something they want on your disk, you've got bigger problems than your
choice of full disk encryption software. :-)

 -Tom

-- 
Tom Metro
Venture Logic, Newton, MA, USA
"Enterprise solutions through open source."
Professional Profile: http://tmetro.venturelogic.com/



BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!



Boston Linux & Unix / webmaster@blu.org