Re: Encrypted home directory

On Tue, 2008-12-23 at 02:58 -0600, Bruno Wolff III wrote:
> On Tue, Dec 23, 2008 at 09:27:56 +0100,
>   Ralf Corsepius <rc040203 freenet de> wrote:
> > The rationale for wanting a completely encrypted system has always
> > escaped me, esp. when being on a multi-user system.
> Full disk encryption isn't meant to protect the system from authorized
> users. It's meant to protect the system from people who get their hands
> on the hardware.
I don't buy this. Even in this case, you actually will want to
protect/encrypt sensitive data, not the whole disk.

In most cases this would be passwds, ssh-keys and certain sensitive

Of course, you can achieve this by "whole disk encryption", but I would
call this the "big hammer". Suitable for personal laptops, but
widely silly on desktops.

> To protect against other users, you probably want to use selinux.
SELinux is aiming at shielding the system against malware and against
applications misbehaving.

It does not help against unauthorized access to personal data, such as
your personal on-line banking account access data, ssh-keys or
confidential documents and similar.

Similarly, encryption of files that are supposed to be universally, globally
accessible (such as much of the OS) is widely meaningless. It doesn't buy you


