Hibernation and secret keys
mkesper at schokokeks.org
Fri Feb 13 10:58:48 CET 2009
On Thu, Feb 12, 2009 at 06:40:22PM +0100, Christoph Anton Mitterer wrote:
> On Thu, 2009-02-12 at 00:09 +0100, Ingo Klöcker wrote:
> > USB stick and secure? :-)
> Of course. The idea is that you can encrypt everything but the kernel
> +initrd, which is needed in order to decrypt the partition (better said,
> to set up the dm-crypt mapping).
> And an USB stick could be always with you.
What is the additional gain to having an unencrypted /boot partition on
the same device? As I see it, only "boring" data gets ever written in
cleartext to the harddrive then.
And if the customs clone my harddrive, they can just try to bruteforce the
passphrase, whether the boot partition is encrypted or not.
Ah, wait, they can ask me to decrypt the data, so we have to upload those
sensitive documents to Google Docs (!) ...
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 315 bytes
Desc: Digital signature
More information about the Gnupg-users