On Sat, 2001-09-29 at 05:12, jfweber@eternal.net wrote:

**** imagine,all of everything that is or was, can be reduced to an equation;less than one inch long *** Morning wizzards , I have a question that I dont find an absolute answer to, so I'm hoping someone can help. Reading thru some tech papaers AND the SuSE.de website , especially their descriptuons of the soon to be released 7.3.. Question one: I wonder if the encryption "drive" they speak of can be added after the installation. I notice they say if one should lose a laptop, for instance , and someone else finds it, they will not even know your encrypted data is on it... although , if the thief is at all competant , he must realsie *something* is hidden there, or the drive would have to report itself as being smaller than it is ???

In any case it seems a good thing to have such a location on any computer to keep those things one might prefer not be published to the entire world. One's credit cards numbers , for example, in the case of medical folks here in the states , where there are new laws being enacted to put your purse and your liberty at risk, should you have patient files on your laptop , and it gets "lost" or stolen , on your way home or to the office ...There are other proffessions where one might have information one is required by law and custom to keep private . Medicine , as I have said, Lawyers , Pharmisists , Financial Planners etc.

QUESTION ONE: The partition is encrypted not hidden, so as you say a competent thief would know that there is another partition, also any partition utility would likely clearly show the partition. There is no secret to the fact that I have an encrypted partition on my laptop. During the boot into Linux there is a point at which the bootup stops and I have to enter my encrypted partition password. If I do not enter the password the the bootup procedure stops. In my view and circumstances this is the way I want it done. Having used the SuSE partition encryption on my laptop I can tell you that it was selectively setup on the installation; actually on the second attempt because I did not set it up in the initial install and could not quickly find how to change a partition to be an encrypted partition after the installation was complete so I reinstalled in order to have an encrypted /home.

Question two: Has any of the Suse folks tested/tried the newest version , and is it complex , or reletively easy ( maybe no moe than three "clicks", or the equivelent ?) We have an oppertuninty here, especially in the states to get at least *some* of those markets.. as long as an overworked , tired, person can use the encrypted "drive" ( or perhaps even just a directory or two?) Many of the "docs" we know are looking for a way off the "upgrade or die" merry-go-round of the "other" OS. They also need to upgrade thier entire office , or practise ... and also need to find a way to keep *casual* workers from getting information off the computers during non Office hours, cleaning staff, temp medical office workers etc. And ( even better, at least some have expresssed a definite interest in Linux , as a general thing , and after a bit of chat , in Suse linux especially.)

QUESTION TWO: Physical security is the first layer of any security system. That means that if someone is using a computer and his entered all the required passwords to be able to freely use the computer and thens leaves the computer unattended and without physical security then the information is at risk. The encrypted partition as setup on SuSE is extremely easy to use on my laptop. I boot the computer, type in the encrypted partition password when prompted and then I have full access to all files on the computer. If I walk away from my computer at that time then temp workers or cleaning staff would be able to access my data. Convenience to the rightful user and absolute security are mutually exclusive. For a multi-user computer I suspect that you would need to have EACH user use a different encrypted partition so that if George logged on to the computer then Sally's data was not at risk (encryption bypassed). I believe SuSE can do this by NOT having the encrypted partition automounted on bootup and then each user would have to mount their personal encrypted partition with their own password. I have not tried this.

As I said, it might be an opertunity to get into that market... But will require some evidence, on ease of use, assitance when needed .. and some encouragement by one or two respected docs to give it a push. I have an entree to the market, if I can get something like the encryption promised in version 7.3 , and also the ease of use of pgp/gpgp (?) for email. TIA y'all Blondely,

PGP/GPG for email are relatively easy to use right now. Most users just do not want to or do not understand their potential exposure vs the ease of PGP. Once PGP/GPG are setup then most email programs only require an additional click or two to have the mail encrypted. Decryption of incoming mail requires the input if your personal passphrase (how else to ensure that only you are reading the mail that was encrypted to you) and then one or two clicks. At this time the most underrated concern regarding the use of encryption in email is the encrytpion of attachments. I personally would rather that if my doctor was sending my personal data to another doctor or facility by email that my personal info (the attachment) be encrypted. The ability to encrypt the attachment is a problem with many email programs. I may be corrected but I believe that only mutt and evolution in linux are emailers that can encrypt the attachments. -- Ralph Sanford - If your government does not trust you, rsanford@telusplanet.net - should you trust your government? DH/DSS Key - 0x7A1BEA01