Boston Linux & UNIX was originally founded in 1994 as part of The Boston Computer Society. We meet on the third Wednesday of each month, online, via Jitsi Meet.

BLU Discuss list archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Discuss] Server/laptop full-disk encryption



On Wed, Oct 1, 2014 at 3:49 AM, Bill Horne <bill at horne.net> wrote:
> On 9/30/2014 9:38 AM, Edward Ned Harvey (blu) wrote:
>>
>> In linux, I'm not aware of any product that does whole disk encryption
>> without needing a power-on password.  In windows, Bitlocker uses the TPM to
>> ensure the OS gets booted untampered, and then your user logon password and
>> OS security are used to prevent unauthorized access.  This is truly great to
>> protect against thugs and laptop thieves.
>>
>
> No offense, but why would it/ how could it? A laptop thief isn't likely to
> be looking for /your/ info,
> just an appliance to sell. "Thugs", OTOH, will be able to apply rubber-hose
> cryptography if it's
> /your/ data they want, and either way having an encrypted hard disk doesn't
> seem like a deterrent.

Yeah, I was going to post earlier that simply having Linux installed
on your laptop
is going to protect your data against 99% of random thieves.   When
they boot it up
and find out that it isn't running Windows (they know it's not a Mac),
they are going
to either toss it in the trash or get their cousin who plays a lot of
videos games to just do
a reinstall of Windows on it.

As for rubber hoses, it is not clear what the threat model is here.
On the one hand,
we seem to want complete security and on the other hand we are willing to hand
out the passphrase to any machine that can retrieve the URL from the local LAN.

I will agree with the original poster though that as of the last time
I looked (year or so ago), Linux documentation of whole disk
encryption seemed to assume that you were trying to hide out from the
mob or some 3-letter agency and had a Ph.D in computer science.  On
the other hand, security is hard with lots of fiddling details.
Whether better UIs to the underlying
software would help is unclear to me.

Bill Bogstad



BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!



Boston Linux & Unix / webmaster@blu.org