Quoting Allen/Gore/SlackWareWolf
On Mon, 2 Aug 2004 00:54:17 +0200 maarten van den Berg
wrote: On Monday 02 August 2004 00:10, suse@rio.vg wrote:
Quoting maarten van den Berg
: On Sunday 01 August 2004 19:31, Dirk Schreiner wrote:
Hi Ralf,
i totally agree, if you have the Notebook of the Road-Warrior in mind. In this case you schould not forget to configure unmounting of the encrypted FS when going into screen-loc or sleeping Mode.
Hm. That sounds like overly paranoid. And in any case, how do you suppose one would go about umounting my encrypted /home partition when going into screen-lock mode ? You can't, unless you log out completely, which really defeats the whole purpose of locking the screen in the first place...
I don't believe such a step is necessary. You can break the screenlock with Ctrl-Alt-Backspace, but then you're at the X login, still needing a password. If the attacker shuts off or reboots the machine, then the encrypted area is unmounted :-)
Exactly my point. :-) Until someone finds a bug in the locking mechanism, I believe we're quite safe just locking, without umounting the encrypted FS.
Until a Social Engineer walks in and reboots the machine with a bottable CD and grabs all the information they could ever want?
You apparently didn't read the beginning of this thread. We're talking about a system with an ENCRYPTED FILESYSTEM. You'd have to be a REALLY good social engineer to have the CD-Booted system to yourself for the next few years while it runs it's brute-force cracker... :-)