On Tuesday 08 March 2005 10:46, David Härdeman <[EMAIL PROTECTED]> wrote:
> o Especially on laptops, it might be interesting to also encrypt all of
>   /home and/or other parts of the harddrive to make the data unusable
>   without the USB key. But how to integrate this with the other
>   requirements?

It seems that this part of your message hasn't been addressed.

The best thing to do regarding encryption (IMHO) is to have an encrypted root
file system. Boot from a USB device and have an initrd use dm-crypt to decrypt
the root file system.

A password is not adequate on its own (anything you can remember can be
brute-forced). Get a key from /dev/random and maybe have a password as well.

The root file system can contain keys for /home and other file systems.

--
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page
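
One way to combine a /dev/random key with a password, as described in the message above. This is an added example, not part of the original post: wrapping the key with openssl and using LUKS on top of dm-crypt are assumptions, and the function names, file names and device arguments are hypothetical.

```sh
#!/bin/sh
# Added example: a random root-FS key that lives on the USB device only in
# passphrase-wrapped form, so neither the stick nor the passphrase alone
# unlocks the disk. All names and paths are placeholders.

# Create a 256-bit key from /dev/random, readable only by its owner.
make_key() {        # usage: make_key KEYFILE
    ( umask 077 && head -c 32 /dev/random > "$1" )
}

# Encrypt the key under a passphrase (first line of stdin) for storage on
# the USB device. PBKDF2 slows down guessing of the passphrase.
wrap_key() {        # usage: wrap_key KEYFILE WRAPPED
    ( umask 077 && openssl enc -aes-256-cbc -pbkdf2 -iter 200000 -salt \
        -pass stdin -in "$1" -out "$2" )
}

# Write the raw key to stdout; the passphrase is the first line of stdin.
unwrap_key() {      # usage: unwrap_key WRAPPED
    openssl enc -d -aes-256-cbc -pbkdf2 -iter 200000 -pass stdin -in "$1"
}

# One-time setup (root): format the root partition with the raw key.
# Keep the unwrapped key on tmpfs only and delete it afterwards.
setup_root() {      # usage: setup_root KEYFILE DEVICE
    cryptsetup luksFormat --batch-mode --key-file "$1" "$2"
}

# At boot, from the initrd on the USB device: unwrap the key and pipe it to
# cryptsetup so the plaintext key never touches a disk.
unlock_root() {     # usage: unlock_root WRAPPED DEVICE NAME
    unwrap_key "$1" | cryptsetup open --type luks --key-file - "$2" "$3"
}
```

Keys for /home and other file systems can then be plain key files stored inside the unlocked root file system.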