Encrypt

LINICKX linickx at gmail.com
Wed Sep 22 08:49:38 UTC 2004


Thanks, Alexander, for the link. I think Michael might be right, as far
as having a "nice user" setup for FULL disk encryption may be a way
off yet!

I'll stick to mounting volumes when I need them! ;o)


On Wed, 22 Sep 2004 11:01:09 +1000, Michael Hart <mixstat at bigpond.net.au> wrote:
> Alexander Dalloz wrote:
> > Am Mo, den 20.09.2004 schrieb Dalibor Malek um 0:39:
> >
> >
> >>Is it possible to somehow encrypt the whole hard disk in a manner that
> >>the whole system, copying(from my scripts) and so on have full access,
> >>but if someone wants to connect to the machine this is not granted
> >>except he knows the right password(I know this is already done with
> >>ssh1), but also if someone opens a terminal he must give in the
> >>password to access all files.
> >
> >
> > I do not understand this part of your posting. Besides ssh1 is obsolete
> > and you should always use ssh protocol 2, Linux always requires
> > authentication for a login process. Someone who is able to open up a
> > terminal has already authenticated. Or what case do you mean?
> >
> >
> >>The same should be if someone wants to copy the hard disk, only if he
> >>knows the password he can succeed else the only thing he gets is garbage.
> >>Is there something like that?
> >
> >
> > The kernel 2.6 meanwhile has encryption modules by default, so does the
> > Fedora Core 2 kernel. Recently on the developer list was a discussion
> > about how to use this with device-mapper to have a totally encrypted
> > system.
> 
> I have a couple of partitions encrypted with device mapper and the 2.6
> kernel encrypting file system. I may be wrong but I do not think it can
> encrypt an entire hard disk but only the individual partitions in the
> hard disk. The partition information is still not encrypted. It
> appears to me (as a mere user) to be simply an encryption layer
> underneath a normal file system.
> 
> As such I do not think it encrypts the swap partition (which is a
> potential security flaw) and I don't know how to get it to encrypt the
> boot partition (as the boot image needs to be readable to load then it
> needs to be able to decrypt the other file systems).
> 
> In my situation I am not overly concerned about these deficiencies. In
> fact I do not want to encrypt the OS in case I need to boot from the
> repair disk and fix the OS. However, if there are any pointers how to
> overcome the deficiencies I would be interested in reading them.
> 
> As far as I can tell you need to be superuser to run dm-crypt and mount
> the resulting filesystems. This means once this is done the data on
> those filesystems is available for all users with sufficient
> permissions. This is not what the OP wanted as far as I can interpret.
> They want it to only be available for one user and hidden from all
> other users.
> 
> >>Dalibor Malek
> >
> >
> > Alexander
> 
>
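
An added example, not part of the original thread or of dm-crypt itself: a check for the gaps Michael describes (swap and the boot partition sitting outside the encryption layer), run over constructed samples in the formats of `dmsetup table`, /proc/swaps and /proc/mounts. The sample device names and the /dev/mapper/<name> path form are assumptions.

```python
# Constructed samples in `dmsetup table`, /proc/swaps and /proc/mounts format.
DMSETUP_TABLE = """\
secret_home: 0 41943040 crypt aes-cbc-essiv:sha256 0000000000000000 0 8:5 0
vg0-data: 0 20971520 linear 8:6 2048
"""
SWAPS = """\
Filename                Type        Size     Used  Priority
/dev/sda3               partition   2096472  0     -1
"""
MOUNTS = """\
/dev/sda2 / ext3 rw 0 0
/dev/sda1 /boot ext3 rw 0 0
/dev/mapper/secret_home /home ext3 rw 0 0
/dev/mapper/vg0-data /data ext3 rw 0 0
proc /proc proc rw 0 0
"""

def crypt_targets(dmsetup_table):
    """Names of device-mapper devices whose target type is 'crypt'."""
    names = set()
    for line in dmsetup_table.splitlines():
        name, sep, rest = line.partition(":")
        fields = rest.split()  # start, length, target type, target args...
        if sep and len(fields) >= 3 and fields[2] == "crypt":
            names.add(name.strip())
    return names

def is_encrypted(device, crypt_names):
    # Assumes /dev/mapper/<name> paths; stacked mappings are not followed.
    prefix = "/dev/mapper/"
    return device.startswith(prefix) and device[len(prefix):] in crypt_names

def audit(dmsetup_table, swaps, mounts):
    """Map each swap area and block-backed mount to True if on dm-crypt."""
    crypt = crypt_targets(dmsetup_table)
    report = {}
    for line in swaps.splitlines()[1:]:  # first line is the column header
        fields = line.split()
        if fields:
            report["swap " + fields[0]] = is_encrypted(fields[0], crypt)
    for line in mounts.splitlines():
        fields = line.split()
        if len(fields) >= 2 and fields[0].startswith("/dev/"):
            report[fields[1]] = is_encrypted(fields[0], crypt)
    return report

if __name__ == "__main__":
    for item, enc in sorted(audit(DMSETUP_TABLE, SWAPS, MOUNTS).items()):
        print(f"{'encrypted' if enc else 'PLAINTEXT':10} {item}")
```

On a live system the three inputs would come from `dmsetup table` (run as root), /proc/swaps and /proc/mounts.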
