Am 23.10.2023 um 12:04:35 Uhr schrieb Michael Kjörling:
> Encrypted /boot has been supported with GRUB 2 for a while. That
> leaves only a minimal portion of GRUB in plaintext on storage.
Although it is not default, so users should be aware that they need to
do additional steps to encrypt /boot.
On 23 Oct 2023 13:59 +0200, from m...@dorfdsl.de (Marco M.):
> Be aware that the boot loader and the /boot aren't encrypted by default
> and they can be attacked (e.g. simply place a tainted kernel inside) by
> anybody who has access to the harddisk.
Encrypted /boot has been supported with GRUB 2
Am 23.10.2023 um 12:53:14 Uhr schrieb lester29:
> 1. Does an encryption key on the USB protect against rubber-hose
> cryptanalysis?
No, the LUKS headers are viewable. You need another layer around that
supports hidden containers.
> 2. Is it true that key on pendrive is more risky than password
On 23 Oct 2023 12:53 +0200, from leste...@gazeta.pl (lester29):
> 1. Does an encryption key on the USB protect against rubber-hose
> cryptanalysis?
I don't see how it would. Presumably you would have access to it;
therefore that access could potentially be exploited through coercion
or torture. ht
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Wed, May 31, 2017 at 02:02:37PM +0200, Прокси wrote:
[...]
> I followed instructions from this[1] link and it worked.
>
> https://stackoverflow.com/questions/19713918/how-to-load-luks-passphrase-from-usb-falling-back-to-keyboard
Thanks for the l
On 2017-May-29 21:17, to...@tuxteam.de wrote:
> On Mon, May 29, 2017 at 03:36:44PM +0200, Прокси wrote:
> > Hello,
> >
> > I have laptop where I set up full disk encryption following this
> > tutorial:
> > https://xo.tc/setting-up-full-disk-encryption-on-debian-jessie.html
> >
> > It works great
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Mon, May 29, 2017 at 03:36:44PM +0200, Прокси wrote:
> Hello,
>
> I have laptop where I set up full disk encryption following this
> tutorial:
> https://xo.tc/setting-up-full-disk-encryption-on-debian-jessie.html
>
> It works great, but since LUK
On Fri, Nov 25, 2011 at 9:15 PM, J. Bakshi wrote:
> Hello,
>
> I am always interested in Full disk encryption for my laptop ( i5 + 3 GB ),
> but what makes me stop
> is the thinking of performance lag. Recently I have seen an ububtu laptop (
> i5 + 4 GB ) with full
> disk encryption and it is pe
On Tue, Nov 29, 2011 at 12:23:10AM -0700, Aaron Toponce wrote:
> ECB (electronic code block) out performs the other block ciphers,
> but it suffers from a pattern attack [1].
>
> 1. http://ae7.st/s/i.pr
My apologies on the short URL. It is the wrong one. Rather than copy/paste,
I just looked a
J. Bakshi wrote:
>
> Agreed, I also maintain some servers and the swap is on raid.
> I have faced disk failure on some servers and due to raid, I could
> successfully run the server with the single disk and change the
> bad disk with a 30 min. down time.
I am using RAID for more then 7 years now
Am Samstag, 26. November 2011 schrieb J. Bakshi:
> Hello,
>
> I am always interested in Full disk encryption for my laptop ( i5 + 3
> GB ), but what makes me stop is the thinking of performance lag.
> Recently I have seen an ububtu laptop ( i5 + 4 GB ) with full disk
> encryption and it is perform
On Tue, 29 Nov 2011 00:23:10 -0700
Aaron Toponce wrote:
> Because this is a subject near and dear to my heart, I feel the urge to
> chime in.
>
> On Sat, Nov 26, 2011 at 10:45:29AM +0530, J. Bakshi wrote:
> > I am always interested in Full disk encryption for my laptop ( i5 + 3 GB ),
> > but wh
Because this is a subject near and dear to my heart, I feel the urge to
chime in.
On Sat, Nov 26, 2011 at 10:45:29AM +0530, J. Bakshi wrote:
> I am always interested in Full disk encryption for my laptop ( i5 + 3 GB ),
> but what makes me stop
> is the thinking of performance lag. Recently I have
On Mon, 28 Nov 2011 10:24:55 -0700
Bob Proulx wrote:
> Rick Thomas wrote:
> > Another point about using a separate swap vs including swap on the
> > encrypted LVM: On a server, the LVM will almost certainly be on a
> > RAID. There's no point in putting swap on RAID.
>
> Strongly disagree. Th
Rick Thomas wrote:
> Another point about using a separate swap vs including swap on the
> encrypted LVM: On a server, the LVM will almost certainly be on a
> RAID. There's no point in putting swap on RAID.
Strongly disagree. The point of raid is to keep the machine running
in spite of a disk f
On Nov 28, 2011, at 8:48 AM, J. Bakshi wrote:
On Mon, 28 Nov 2011 13:15:59 + (UTC)
Virgo Pärna wrote:
On Mon, 28 Nov 2011 00:59:34 -0500, Rick Thomas
wrote:
Unless you are concerned about growing swap at some later date, you
should leave swap out of the LVM and encrypt it separately
On Mon, 28 Nov 2011 13:15:59 + (UTC)
Virgo Pärna wrote:
> On Mon, 28 Nov 2011 00:59:34 -0500, Rick Thomas wrote:
> >
> > Unless you are concerned about growing swap at some later date, you
> > should leave swap out of the LVM and encrypt it separately -- with a
> > *random* key.
> >
>
>
On Mon, 28 Nov 2011 00:59:34 -0500, Rick Thomas wrote:
>
> Unless you are concerned about growing swap at some later date, you
> should leave swap out of the LVM and encrypt it separately -- with a
> *random* key.
>
I think, that this would not work, if one wants to use hibernation. And
Rick Thomas wrote:
> Bob Proulx wrote:
> >The way I like to set up the system is to set up /boot in its own
> >partition on /dev/sda1. Then set up the rest of the disk in /dev/sda5
> >as a logical partition for an encrypted partition. Then use that
> >encrypted partition for one large LVM volume.
On Nov 26, 2011, at 2:00 AM, Bob Proulx wrote:
The way I like to set up the system is to set up /boot in its own
partition on /dev/sda1. Then set up the rest of the disk in /dev/sda5
as a logical partition for an encrypted partition. Then use that
encrypted partition for one large LVM volume.
On Sun, 27 Nov 2011 09:51:58 -0500
Brad Alexander wrote:
> What about your /etc/shadow file and other config files in /etc?
>
> As I said, I have been running LUKS + cryptsetup on a number of machines
> for years:
>
> my laptop, a C2D P9600 - Built Nov 2010
> my desktop, a C2D E4500 - (Re)built
On Sun, 27 Nov 2011 09:53:21 -0500
Brad Alexander wrote:
> You need your windows in an unencrypted partition. At that point, grub
> should detect it. You should have at least two unencrypted partitions --
> Your windows dual-boot and /boot...And optionally swap, but that would be
> separately enc
You need your windows in an unencrypted partition. At that point, grub
should detect it. You should have at least two unencrypted partitions --
Your windows dual-boot and /boot...And optionally swap, but that would be
separately encrypted.
--b
On Sun, Nov 27, 2011 at 8:18 AM, J. Bakshi wrote:
>
What about your /etc/shadow file and other config files in /etc?
As I said, I have been running LUKS + cryptsetup on a number of machines
for years:
my laptop, a C2D P9600 - Built Nov 2010
my desktop, a C2D E4500 - (Re)built 2007
backup server, a 2GHz P4 - (Re)built 2008
etc...
Nothing has faile
On Sat, 26 Nov 2011 09:11:14 -0500
Andrew Reid wrote:
> I've had an LVM/luks-encrypted root partition (includes everything
> except /boot, on various logical volumes) for several years on two
> different Lenovo Thinkpads, and while I've never done any benchmarks,
> I haven't noticed any perfor
On 2011-11-26, Brad Alexander wrote:
>
> That is the reason I encrypt the entire banana rather than trying to
> encrypt the peel.
Makes sense to me (I guess). I don't need to encrypt anything but my home
directory (certain folders). I think I could do all I need to do with
ccrypt, but I haven't
Indeed I am. For several reasons.
First off, it is the path of least resistance. If I LUKS encrypt the whole
banana, I only need one passphrase or key file for the entire thing. If I
have to manually decrypt a number of filesystems, I end up having to type
multiple passphrases (best security pract
On Sat, 26 Nov 2011 10:18:57 -0500
Brad Alexander wrote:
> Hi,
>
> I have been using full-disk encryption on my laptop for several years over
> several laptops. My current one is a Dell Latitude E6500 with a 2.66GHz
> Core2Duo P9600 with 4GB of RAM, and the lag from encryption is not
> noticeabl
On 2011-11-26, Brad Alexander wrote:
>
> Hi,
>
> I have been using full-disk encryption on my laptop for several years over
> several laptops. My current one is a Dell Latitude E6500 with a 2.66GHz
> Core2Duo P9600 with 4GB of RAM, and the lag from encryption is not
> noticeable.
There's somethin
Hi,
I have been using full-disk encryption on my laptop for several years over
several laptops. My current one is a Dell Latitude E6500 with a 2.66GHz
Core2Duo P9600 with 4GB of RAM, and the lag from encryption is not
noticeable.
The way I did it was from the installer. I created a separate (and
> Hello,
>
> I am always interested in Full disk encryption for my laptop ( i5 + 3 GB ),
> but what makes me stop is the thinking of performance lag. Recently I have
> seen an ububtu laptop ( i5 + 4 GB ) with full disk encryption and it is
> performing normal, haven't found any lag...
>
> So I am
On Sat, 26 Nov 2011 13:00:24 +0530
"J. Bakshi" wrote:
> On Sat, 26 Nov 2011 00:00:05 -0700
> Bob Proulx wrote:
>
> > J. Bakshi wrote:
> > > I am always interested in Full disk encryption for my laptop ( i5 +
> > > 3 GB ), but what makes me stop is the thinking of performance
> > > lag. Recently
On Sat, 26 Nov 2011 00:00:05 -0700
Bob Proulx wrote:
> J. Bakshi wrote:
> > I am always interested in Full disk encryption for my laptop ( i5 +
> > 3 GB ), but what makes me stop is the thinking of performance
> > lag. Recently I have seen an ububtu laptop ( i5 + 4 GB ) with full
> > disk encrypt
J. Bakshi wrote:
> I am always interested in Full disk encryption for my laptop ( i5 +
> 3 GB ), but what makes me stop is the thinking of performance
> lag. Recently I have seen an ububtu laptop ( i5 + 4 GB ) with full
> disk encryption and it is performing normal, haven't found any
> lag...
I ha
34 matches
Mail list logo
