Encryption on installation
davidsen at tmr.com
Sat Feb 16 20:24:38 UTC 2008
Peter Lauri wrote:
> I have been playing around with Ubuntu installation on a machine and the
> installation of Ubuntu provided an option to encrypt the partition on
> installation. Does the installation of Fedora Core 8 provide this
> option? I need to have all (except boot) encrypted as my laptop needs to
> be brought out of customers facilities.
> Any ideas of this?
My thought is that FC8 is hardly a secret... What needs to be encrypted
is usually found in /home, or /usr/local. If you can restrict the
important data to filesystems which can be mounted after boot.
About crypto: cryptoloop is in Fedora kernels, and is generally enough
to protect against people who steal the laptop for the resale value. Not
enough for pro government or industrial spies. AES-loop doesn't appear
to be in Fedora, at least to FC8, and looking quickly I don't see
Don't know about dm-crypt security, we have a big investment in
cryptoloop, since we release data on encrypted CDs and would have to
update every machine to use a new scheme.
And finally, I would encrypt *really* critical info, like passwords and
certain other things using GPG on a file, even if in a crypto filesystem.
In general current Fedora capabilities are enough for many requirements,
as long as you avoid the bozo user who mounts the crypto filesystem and
then suspends the laptop which is then stolen. No tech will protect you
Bill Davidsen <davidsen at tmr.com>
"We have more to fear from the bungling of the incompetent than from
the machinations of the wicked." - from Slashdot
More information about the fedora-list