ssh clarification needed

Joel Rees joel.rees at gmail.com
Mon Jan 5 02:26:59 UTC 2009


empirical.

Well, ...

On Jan 5, 2009, at 1:44 AM, Robert L Cochran wrote:

> Mail Lists wrote:
>> On 01/04/2009 11:24 AM, Mike Cloaked wrote:
>>
>>
>>
>>> By the way if your root partition was not encrypted then someone  
>>> with
>>> physical access to your machine could boot into single user mode  
>>> and get
>>> root access - hence encrypting the root partition is probably the  
>>> only way
>>> to avoid that - unless someone knows a different way in?
>>>
>>
>>   Just boot a CD, DVD or USB key I own the whole laptop - as a bad  
>> guy i
>> would prefer to boot my own OS anyway not yours.
>>
> I disagree with this. I know from experimenting that if I boot another
> Linux OS (regardless of media used) and then try to access the data on
> separate a LUKS encrypted device, I can't see that data without
> providing the passphrase.

Be careful to distinguish between "can't see the unencrypted data"  
and "can't see the encrypted data".

> As a matter of fact you are prompted to supply
> the passphrase.

Remember, that's with the standard tools, of course.

> If you boot a Microsoft Windows OS you can't see the
> data anyhow...Microsoft Windows doesn't recognize non-Microsoft
> filesystems such as ext3.

Again, that's with the standard tools.

How much you have to worry about things like that depends a lot on  
what you have on your storage device, of course. Well, I should say,  
it depends on what your opponent thinks you have on the device.




More information about the fedora-list mailing list