John C Nash wrote: : Quite separate from the discussion of how to view an encrypted file as : safely as possible, the issue of using an encrypted disk on a laptop is : an interesting and growing topic. Maybe we could get a straw poll here : on the major approaches and pro/con aspects of each, then think of : having a talk or panel at OCLUG meeting. And/Or put something on the wiki.
Before I say anything else: <http://xkcd.com/538/>. Please keep that in mind through all of this. I've been encrypting various partitions (rarely the whole disk) on both laptops and desktops for some time now, and though it effectively achieves the same thing, there are some significant differences in their pros and cons. However, as you've suggested, I'll stick with laptops for the purpose of the discussion -- just pointing out that this can't be blindly applied to desktops. It's also pretty difficult to just do a blind pro/con analysis of this stuff, as much of it can be combined to provide a separate scenario, and the total does not equal the sum of its parts, and the waters can be muddy. For example, I'll use a password for my GPG key, but not for my disk. What does this mean if I use my GPG key as my disk encryption keyfile? Or if I encrypt my disk encryption keyfile with my GPG key? Full Disk Encryption - Where the whole drive is encrypted Pro Encrypts the whole disk. No risk of plaintext leakage. Any offline attempts to read the drive will always result in the need to decrypt. Con Who cares if / and /usr are encrypted? So long as /home, /tmp, and swap are, what does it matter? The overhead of full disk encryption is not trivial, and the gains are minimal as compared to a sensible partial-disk encryption. Personally, I don't like having to carry around a boot USB stick with me wherever I go. Partial Disk Encryption - Where only select partitions are encrypted Pro When appropriate partitions are encrypted -- at a minimum, /home, /tmp, and swap, and probably /var as well -- the risk of plaintext leakage is extremely minimal. Plus all sensitive data is guaranteed to be encrypted, so any offline attack against sensitive data would result in the need to decrypt. Con There is still a risk for information leakage. In some circumstances, core dumps can be written to the raw swap device, bypassing encryption. I can't really think of any other con specific to this situation. Per-user Disk Encryption - Where home directories are encrypted per-user Pro No extra passwords to manage, as these are usually tied to the system password. Separates user data, so user A can't see user B's stuff. Con The password is usually tied to the system password. If user A and user B are online at the same time, they have full access to each other's data (within normal system operating procedures). Any Disk Encryption Pro Protects the data against all offline reading attempts. Con Only protects the data against offline reading attempts. Then there's the whole cold-boot method, which could easily reveal any encryption keys, resulting in all listed pros above being negated. Note This is a particularly interesting topic to discuss, as disk encryption doesn't do what most people think it does. Like anything else, a clear definition of your threat model will help you understand what disk encryption can do for you, and what it can't. File Encryption - Where important files are encrypted, not disks Pro Files are decrypted on an as-needed basis. When properly configured, information leakage is about on-par with partial disk encryption. The only solution to protect against online attacks as well as offline. Files can be sent around the 'Net without worry of exposing sensitive data. Con Nigh impossible to configure such that no information is leaked anywhere, and near requires an encrypted swap and /tmp. Rarely uses a keyfile, so usually requires entering a password any time decryption is required, usually resulting in the use of an agent, which is a whole other can of worms. Any Encryption Pro Protects you against the Bad Guys. Con Cold boot attacks. Rarely protects you in the way you hoped it would. If a serious attack is performed, breaking the key is not likely to be the approach. Likely only really protects you against idle attacks, or loss of hard drive. Note This ranks a close second in interesting topics in this area. Password - Where the encryption key is a password Pro Simple, straightforward, and there's nothing to lose (so long as you remember your password). Con Easier to provide less-than-required security for the data. Passwords have a reputation for being weak, and unless appropriate hashing or other preparation is done against the password, it's possible to wind up with an extremely weak encryption. Keyfile - Where the encryption key is a file Pro Significantly more secure. Significantly lower risk of being weak. Con Easier to lose. Difficult to generate a truly random keyfile. Easier to fool yourself into a false sense of security. Your Disk Encryption Implementation - Both what you use, and how you use it Pro You know how it works, and it protects you well. Con You don't really know how it works, you just think you do. If it doesn't use XTS mode, chances are, it has some fundamental architectural issues. Key protection is rarely done well. And cryptanalysis on disk-encryption software is far from thorough. There are more topics in this area, but I'll leave it there. Hopefully this will kick off some discussion. Here's a more direct question to the list: What do you encrypt, and why? _______________________________________________ Linux mailing list Linux@lists.oclug.on.ca http://oclug.on.ca/mailman/listinfo/linux
