* Digby Tarvin <[EMAIL PROTECTED]> [2006-07-19 15:58:19 +0100]: > In my opinion it is more secure to keep confidential data in a > dedicated encrypted partition which is only initialised and mounted > when really needed. If you are really paranoid, you can remove your > network connection whenever the secred data is mounted. > > If you have the entire system encrypted and mount everything at boot, > then your data is only safe with the computer is turned off. A hacker > who gains root has everything... > The flipside to that is the cracker that searches journals on journalled filesystems for sensitive data (keys for encrypted partitions, even the sensitive document itself).
A healthy dose of paranoia is in order here. Look at how you plan to manage your encrypted data. -- Cheers, Dave
signature.asc
Description: Digital signature