On Fri, 2002-02-01 at 18:44, Gary Hennigan wrote: > What's the best way to encrypt data on your hard drive such that if it > is stolen you have some assurance that they can't get at the data? My > understanding of how cryptography works is limited, but it seems that > public/private key stuff, like GnuPG, wouldn't be sufficient for this > because your secret key is stored on the hard drive and if someone > gets that it's all over. > > I suppose you get generate your key, decrypt the file, and delete the > key, but that seems like a difficult process if you regularly need to > access the data. Any suggestions?
I keep my secret key inside a CFS encrypted file system. If I am not logged on, it is not available to anyone; if I am logged on it is still only available to my login. And if someone stole the machine they would have two levels of encryption to break (CFS and the secret key pass phrase). (Please, everyone, let me know if I am deluding myself!) cfs is a Debian package. -- Oliver Elphick [EMAIL PROTECTED] Isle of Wight http://www.lfix.co.uk/oliver GPG: 1024D/3E1D0C1C: CA12 09E0 E8D5 8870 5839 932A 614D 4C34 3E1D 0C1C "And be not conformed to this world; but be ye transformed by the renewing of your mind, that ye may prove what is that good, and acceptable, and perfect, will of God." Romans 12:2
signature.asc
Description: This is a digitally signed message part