On Sun, Jun 05, 2005 at 07:30:44AM -0400, Robert Connolly wrote: > How do you guys feel about adding support for encrypting disks to the book? I > know not everyone will use it, maybe some xml magic can help. I foresee four > models: > Green (Low) - Encrypt swap only
If swap is flushed at shutdown, and since it cannot be read unless one is root (or has a mis-configured box), what exactly does swap encryption add other than a false sense of security? > Yellow (Medium) - Encrypt swap, /tmp, /var/tmp, /home, and backup media I can see the usefulness of /tmp, /var/tmp, and /home. I can even see the usefulness of backup media, but that is to assume that the book should handle exactly *how* a system gets backed up so it can dictate how it is encrypted. That, IMO, is well beyond the scope of the book as I don't see how we should dictate backup policy (though we should add a chapter on safe admin practices). Also, one thing to note would be the use of /tmp. If it gets hit regularly on a system, performance will drop, though I would imagine most programs don't need extensive use of it (except for compiling and such which would be silly on such a machine anyway). > Orange (High) - Encrypt everything > Red (Tinfoil helmet) - Encrypt everything and make it deniable No. I'm the one people call paranoid and even I think this is ridiculously overboard. There is a huge performance hit and we aren't targetting a commercial/military grade customer base. -- Archaic Want control, education, and security from your operating system? Hardened Linux From Scratch http://www.linuxfromscratch.org/hlfs -- http://linuxfromscratch.org/mailman/listinfo/hlfs-dev FAQ: http://www.linuxfromscratch.org/faq/ Unsubscribe: See the above information page
