:: Re: [DNG] some ASCII issues
Inizio della pagina
Delete this message
Reply to this message
Autore: Didier Kryn
Data:  
To: dng
Nuovi argomenti: [DNG] Full disk encryption (was Re: some ASCII issues)
Oggetto: Re: [DNG] some ASCII issues
Le 28/06/2017 à 20:33, Rick Moen a écrit :
> Quoting Didier Kryn (kryn@???):
>
>>      I don't see any reason to encrypt /usr. You might like to
>> encrypt /etc because it contains user names and (already encrypted)
>> passwords. But definitely there is no reason to encrypt everything.
> /home would be where I keep anything that's sensitive.  I'm unclear on
> why usernames in /etc are deemed sensitive, but I'm sure needs differ.

>
> Temporary files in /tmp are sometimes a little sensitive and sometimes
> greatly so. (It's usually a tmpfs on my systems.) Operational paranoia
> suggests keeping it at least cleaned up frequently, if you're going to
> bother to have /home as a dmcrypt filesystem. That's where tmpfs is
> actually helpful in the sense that erasure means a file from there is
> truly gone.


     Sure /home is the first place one thinks of encrypting and /tmp is 
the second, together with possible other fancy dirs. Encrypting passwd 
and the like would just add a little of security-through-obscurity by 
even hiding the usernames; this is why I considered /etc as a third 
(non-obvious) thing to encrypt; /etc also contains every local 
configuration, and it might make sense to hide it all.


     To simplify, all of /home and /tmp aren't really part of the OS. 
The OS can boot without them. All the rest is the OS and is the same as 
any other install of the same OS; and there isn't any reason to encrypt 
something which is published and widespread.


     Didier