BLU Discuss list archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Discuss] Server/laptop full-disk encryption
- Subject: [Discuss] Server/laptop full-disk encryption
- From: bogstad at pobox.com (Bill Bogstad)
- Date: Wed, 1 Oct 2014 11:10:18 +0200
- In-reply-to: <542B5DBC.2090805@horne.net>
- References: <fb73f4b8a491577a02de5fcaf7779293.squirrel@webmail.ci.net> <de529929c36240babe4229ad818da975@CO2PR04MB684.namprd04.prod.outlook.com> <542B5DBC.2090805@horne.net>
On Wed, Oct 1, 2014 at 3:49 AM, Bill Horne <bill at horne.net> wrote: > On 9/30/2014 9:38 AM, Edward Ned Harvey (blu) wrote: >> >> In linux, I'm not aware of any product that does whole disk encryption >> without needing a power-on password. In windows, Bitlocker uses the TPM to >> ensure the OS gets booted untampered, and then your user logon password and >> OS security are used to prevent unauthorized access. This is truly great to >> protect against thugs and laptop thieves. >> > > No offense, but why would it/ how could it? A laptop thief isn't likely to > be looking for /your/ info, > just an appliance to sell. "Thugs", OTOH, will be able to apply rubber-hose > cryptography if it's > /your/ data they want, and either way having an encrypted hard disk doesn't > seem like a deterrent. Yeah, I was going to post earlier that simply having Linux installed on your laptop is going to protect your data against 99% of random thieves. When they boot it up and find out that it isn't running Windows (they know it's not a Mac), they are going to either toss it in the trash or get their cousin who plays a lot of videos games to just do a reinstall of Windows on it. As for rubber hoses, it is not clear what the threat model is here. On the one hand, we seem to want complete security and on the other hand we are willing to hand out the passphrase to any machine that can retrieve the URL from the local LAN. I will agree with the original poster though that as of the last time I looked (year or so ago), Linux documentation of whole disk encryption seemed to assume that you were trying to hide out from the mob or some 3-letter agency and had a Ph.D in computer science. On the other hand, security is hard with lots of fiddling details. Whether better UIs to the underlying software would help is unclear to me. Bill Bogstad
- Prev by Date: [Discuss] Need speaker and topic for October BLU meeting
- Next by Date: [Discuss] Server/laptop full-disk encryption
- Previous by thread: [Discuss] Need speaker and topic for October BLU meeting
- Next by thread: [Discuss] Server/laptop full-disk encryption
- Index(es):