Pantek Library
Hosting Provided By
CybrHost
High Speed Hosting
Mailing Lists: lists.debian.org > debian-security > 07 > 070027.html (Request Expert lists.debian.org Support)

Re: Encrypting drive

From: Anders Breindahl <skrewz(at)skrewz.dk>
Date: Sun Jul 01 2007 - 21:35:20 EDT


On 200707012022, Vladimir Strycek wrote:
> im curious, i heard that its possible to encrypt drives in debian or any
> linux. But how does it work ? i meen do i have to enter password all the
> time when i wanna to boot server ? or its just for some special partition ?

It depends. You can do whole-system encryption, in which you will be prompted a passphrase at boot time. This is the most secure and is ideal for laptops. To get started, follow the guide in the Debian installer.

In servers, you might want to trust physical security, since whole-system encryption incurs a performance degradation. (However, on a reasonably recent system, you still will be bottlenecked by Fast Ethernet at 100Mb/s).

Other setups involve that you encrypt some partition or LVM LV and manually decrypt this into a running system, from which you can mount the file system that is atop the encrypted device.

However, if you should choose to encrypt only, say /home, you'd need to make sure that data won't ``sieve'' onto the unencrypted parts of the system, such as /tmp or swap space.

And just to restate the obvious: Encrypting and keeping the secret next to the encrypted data is as good for security as not encrypting at all.

Regards, skrewz. 

-- 
To UNSUBSCRIBE, email to debian-security-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Received on Sun Jul 1 21:36:05 2007
Do you need help?X

This archive was generated by hypermail 2.1.8 : Sun Jul 01 2007 - 21:40:03 EDT

Contact Us  Legal Notices  Order Services Online 
Pantek Home  Privacy Policy  IT news  Site Map  Pantek Library