Encrypted home directory

Callum Lerwick seg at haxxed.com
Wed Dec 24 17:16:42 UTC 2008


On Mon, 2008-12-22 at 18:48 +0200, Nikolay Vladimirov wrote:
> However I find it simpler and safer to use hardware disk
> encryption (from the BIOS config) and a bunch of other ThinkPad
> security stuff.

And what makes you think it's safer? 

The best info I can dig up is this:

http://www-307.ibm.com/pc/support/site.wss/document.do?sitestyle=lenovo&lndocid=MIGR-69621

So it seems the encryption is handled completely within the drive
itself. This means it can vary from manufacturer to manufacturer and
even drive to drive. More specifically, it could range from "quite solid
encryption" to "total crap" to "the drive is not encrypting at all and
is just lying to you". Do you have the source code to your drive
firmware?

No matter how good the encryption is, there is still the big unavoidable
hole called the passphrase. How long is your passphrase? What mechanisms
does the drive have to prevent brute forcing the passphrase? Does it
rate limit unlock attempts? Does it self destruct after N failures?

It appears some ThinkPads can unlock with a finger scan. Just a finger
scan? Well that's a crock. Your biometric data is just sitting in the
CMOS somewhere, along with the key, waiting to be stolen. Your security
is only as good as its weakest link.


More information about the fedora-devel-list mailing list