[Gllug] To encrypt or not to encrypt . . . at install time?
Nix
nix at esperi.org.uk
Mon Nov 30 22:34:14 UTC 2009
On 30 Nov 2009, Richard Jones uttered the following:
> (3) You live life in the open. ("Down at the nudist colony someone
> could steal my credit card out of my pants when I leave them at the
> door - so what do I need encryption on my laptop for?")
>
> (4) You live in a nuclear bunker on a remote island and if anyone came
> within 5 miles you'd shoot them, _no_ exceptions.
(5) you consider that if someone breaks into your house you've lost
anyway, there are much more important things they can steal than the
contents of $HOME, which they're highly unlikely to want anyway (or even
know how to access). This is vitiated if you have a laptop (I don't
bother to consider those myself because they're agony to type on, but I
know a lot of other people like them for some reason).
(6) encrypted $HOME doesn't actually help if you're using your machine
most of the time it's turned on (which is quite common) or if your
attacker gets in via a vulnerability in e.g. the browser rather than
a network-facing daemon, in which case he *can* only get in if you
are using your machine and your $HOME is decrypted.
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
More information about the GLLUG
mailing list