On 10/18/2016 11:56 AM, Bruno Friedmann wrote:
> The full disk encryption is the first layer that allows me to be not worried about a rough steal of the laptop.

LOL! Yes, the theft of a turned off laptop, and there have been many examples of that, including laptops stolen from the cars of high ranking government ministers in many countries, is a valid use-case.

You may want, however, to check out a novel by John Sandford that I read two years ago: "The Hanged Man's Song". The plot revolves around a theft of a laptop (and the murder of the owner, a house-bound veteran in a wheelchair, who is also an ace hacker). The theft occurs while the laptop is in use and although the disk is encrypted, because it's in use, the files are all accessible. The thief keeps the laptop powered and uses it to blackmail various other people the hacker was in touch with.

As with so many 'hacker' novels, many details are overblown; what's possible (given enough time, computing power, social contacts etc) and what's practical are conflated mercilessly. But the basic point is valid: if you're using the laptop then you've entered the encryption key, then it's accessible. You need another layer of protection -- in the case of Sandford's novel a password protected screen saver would have done the job :-)

And let's face it, a password protected screen saver is a de-facto control even for desktops in many settings. I may be the only person in the house, but what if the cat decides to sleep on the keyboard?

I don't need an encrypted disk on my home desktop system, and the same applies in many business settings, not least of all to the 'always on' servers. But encrypting backups ... that's a different matter. (Of course that then gets into the conundrum of 'Key Management'.)

Of course there are all the standard caveats about protecting encryption keys, in particular this point from my DatabaseOfDotSigQuotes:

Over the last few centuries, mathematicians have demonstrated a remarkable tendency to underestimate the cryptanalytic powers of blunt and heavy objects.
-- Jamie Reid, CISSP

--
Amateurs hack systems, professionals hack people
-- Bruce Schneier