---- Original message ---- >Date: Mon, 15 May 2006 18:52:38 +1000 >From: glymr <[EMAIL PROTECTED]> >Subject: Re: Some legal trouble with TOR in France >To: or-talk@freehaven.net > >-----BEGIN PGP SIGNED MESSAGE----- >Hash: RIPEMD160 > >Matej Kovacic wrote: >> Hi, >> >> this could also be a good idea: >> http://www.ubuntuforums.org/showthread.php?t=120097&highlight=cryptsetup >> >> encryption of harddrives from the scratch. >> >> However, I would create a small partition where there will be keys >> (files) for decryptig root and home partitions. This small partition >> would be encrypted by passphrase. That means you can easily (well... >> :-//) change your passphrase for the system (just re-encrypt this small >> partition with keyfiles againg). >>
i am to understand that it's a bit of a mess to have the root partition of any *nix machine encrypted. netbsd's cgd is pretty solid, provided one only puts sensitive data on it post cgd setup. cgd only works for non-root partitions. >> The only critical software part is then /boot partition. But you can >> always fill the /boot up to 100% with random data and run Tripwire >> integrity checking on it. If it is full, it is hard to write additional >> code on it. And if you do integrity checking, you can easily discover if >> something changed. >> >> I am planning to write a small setup guide for cryptsetup on Dapper >> version of Ubuntu Linux. >> >> bye, Matej > >ever heard of cryptfs_luks?
