Hi, On Thu, Feb 12, 2009 at 06:40:22PM +0100, Christoph Anton Mitterer wrote: > On Thu, 2009-02-12 at 00:09 +0100, Ingo Klöcker wrote:
> > USB stick and secure? :-) > > Of course. The idea is that you can encrypt everything but the kernel > +initrd, which is needed in order to decrypt the partition (better said, > to set up the dm-crypt mapping). > And an USB stick could be always with you. What is the additional gain to having an unencrypted /boot partition on the same device? As I see it, only "boring" data gets ever written in cleartext to the harddrive then. And if the customs clone my harddrive, they can just try to bruteforce the passphrase, whether the boot partition is encrypted or not. Ah, wait, they can ask me to decrypt the data, so we have to upload those sensitive documents to Google Docs (!) [1]... Best wishes Michael [1] http://www.mobilecomputermag.co.uk/20080805775/how-to-prevent-us-customs-from-peeking-at-your-private-data.html
signature.asc
Description: Digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users