Disk encryption and installing new versions of Fedora

[Robin Laing]

Mr.Scrooge wrote:
> --- Robin Laing <Robin.Laing at drdc-rddc.gc.ca> wrote:
> 
>> Mr.Scrooge wrote:
>>> --- Robin Laing <Robin.Laing at drdc-rddc.gc.ca> wrote:
>>>
>>>> Mike wrote:
>>>>> Mike <mike.cloaked <at> gmail.com> writes:

>>
> I don't mean to suggest that encryption is not a worthwhile feature and several good points have
> been made in its defense. However, sensitive information is just that and should be treated as
> such. Encryption requires additional overhead and just because it's seamless to the user doesn't
> mean it should be used for everything. If you deal with sensitive information that is worth
> protecting then its an extra layer of security. That's all it is, an extra layer, too many people
> are under the illusion that encryption is bullet proof. It's not, it can be broken and in fact i
> would count on it. If it makes you sleep better then fine but keep in mind that if they want to
> get around it they can. There are several freely available programs that will boot from a cd and
> tell you the user name and password. They will just log in as the user and have full access
> anyway. Harddrive encryption is a speed bump, useful as part of a good security plan but
> ultimately, in my opinion, no more useful than any other security tool.
> 
> -Max
> 

Good points but every bump is a bump.  That is why I said that I believe 
in multiple layers.

Full disk encryption to make it harder for the "Boot of CD" crowd as 
they then have to enable the encryption and find the pass phrases.

Then user/directory/file encryption tools.  Each one provides more road 
blocks to anybody trying to get to your data without your full 
permission.  And with the recent court decision that it is 
unconstitutional to make someone provide their password (in the US) it 
becomes a better defense to random snooping.

I just want an easier way to start the security.  Just as SELINUX is one 
level of system security.

-- 
Robin Laing