On Monday 01 July 2019 19:42:08 David Wright wrote: > On Mon 01 Jul 2019 at 15:56:14 (-0400), Gene Heskett wrote: > > On Monday 01 July 2019 09:33:35 David Wright wrote: > > > On Mon 01 Jul 2019 at 06:05:52 (-0400), Gene Heskett wrote: > > > > On Monday 01 July 2019 03:52:55 Jonathan Dowland wrote: > > > > > On Sun, Jun 30, 2019 at 12:45:57PM -0400, Gene Heskett wrote: > > > > > >At this point, I'd call it a buster delaying bug. That last > > > > > > is going to cost too many that can't ignore it and don't > > > > > > have unencrypted backups. Thats going to be a lot of very > > > > > > bad PR. > > > > > > > > > > It's the release teams call, generally speaking, and one of > > > > > the things they might factor in is the size of the user-base > > > > > for the troublesome package. I'm surprised to find that it's > > > > > extremely small according to popcon data: less than 1% of > > > > > reporters: > > > > > https://qa.debian.org/popcon.php?package=ecryptfs-utils > > > > > > > > > > Compare just two alternatives: > > > > > > > > > > encfs: 1.14% https://qa.debian.org/popcon.php?package=encfs > > > > > cryptsetup: 15% > > > > > https://qa.debian.org/popcon.php?package=cryptsetup > > > > > > > > That does put a better light on it. From the comments so far, I > > > > was thinking I'm one of the few not using it. I've depended on > > > > dd-wrt between me and the internet for the last 16 years, and > > > > even before that I was on dialup and the dialup folks didn't > > > > have enough bandwidth to attract the black hats, so I've never > > > > been touched. > > > > > > I was under the impression that these two forms of security, > > > firewalls and encryption, are completely orthogonal. Once you've > > > unlocked, say, an encrypted partition, you're now reliant on the > > > firewall to keep strangers out of your files. OTOH a perfect > > > firewall is of no benefit when your laptop is stolen. > > > > > > > With all the publicity this thread has given the issue, I'll > > > > change my mind (as if it matters to the team :) and say adequate > > > > notice and mitigating paths seems to have been given. Those that > > > > are using it I'd call pretty advanced and are reading this list > > > > just for the notices given so they shouldn't be surprised. So > > > > I'll do an Andy Capp and shuddup. > > > > > > The grey area is for me is the relative benefit of encrypting file > > > by file compared with the whole partition. Assuming that there's > > > just one passphrase involved in each scenario, is more protection > > > given by the former method? After all, once a partition is > > > unlocked, all users on the system are able to read all the files, > > > subject to the normal unix permissions, ACLs, etc. > > > > Whole filesystem encryption would be a total non-starter for me. > > Fair enough. Could you reveal why, or are your reasons cryptic too?
No, but if for some reason, say a cerebral accident, I should lose the password, the whole system would be locked away, and that would be unforgivable. And at 84&counting, I've no warranty I'll remember my own name 10 minutes from my hitting send on this message. > > File by > > file with different passwd's according to whats in the file would > > make far more sense to me. Thats my $0.02. > > I can't see how anyone would cope with a scheme like that. How would > you remember all those passwords? By limiting it to probably 2. Normal stuff might just be my user pw, whereas stuff that is truly private might have a 2048 bit hash. > > OTOH I can see that each file must have an individual encryption key, > but the encryption scheme looks after generating those. Otherwise > you would have a large sample of encrypted but known-cleartext files > available for cracking attempts. (Remember that the filenames are not > encrypted, and many files on a system will have entirely predictable > contents, eg much of /usr, your Debian package cache, and so on. Clearly I haven't explored all the ramifications. Its been more of a case of letting my imagination out to play without a chaperone. > Cheers, > David. Cheers, Gene Heskett -- "There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order." -Ed Howdershelt (Author) If we desire respect for the law, we must first make the law respectable. - Louis D. Brandeis Genes Web page <http://geneslinuxbox.net:6309/gene>
