On 12/28/2016 10:22 PM, Carlos E. R. wrote:
On 2016-12-29 04:15, Anton Aylward wrote:
On 12/28/2016 08:02 PM, Carlos E. R. wrote:
Keyboards nowdays are on USB, so you need it in the emergency boot.
Ah yes, many mobos simply don't have the jacks for kbd and mouse any more, its all USB.
Mine does, but the original keyboard died and the replacement is USB. They don't last that long nowdays. ps/2 keyboards are difficult to obtain, and those I found I didn't like.
I guess you don't use an encrypted root.
I don't see the point in encrypting the root. User DATA yes, the programs that are available for download from the repositories and on the DVD - no point in encrypting them.
I didn't see the point initially, either, but there is also data on /etc that can be sensitive. WiFi password, for instance. Then there is /tmp, databases in /var...
While I have every sympathy for put all config in /etc policy, putting unencrypted passwords there is a risk. In general, what's in /etc tends to be world readable. As far as /tmp and /var goes, they are not the RootFS and I can see the logic in having them encrypted while at rest. But that's the issue, isn't it, 'while at rest'. I've mentioned before the boot where an uber-hacker's laptop is stolen while powered up. So long as it stays powered up and active it doesn't matter that the partitions are encrypted. So OK, if you leave your laptop on the seat of your supposedly locked car ... or perhaps from beside you when your attention was elsewhere http://www.dailymail.co.uk/news/article-559178/Military-laptop-stolen-McDona... https://www.theguardian.com/uk/2008/jan/22/politics.military http://arstechnica.com/security/2008/01/uk-military-laptop-theft-exposes-tho... http://www.philly.com/philly/news/20161106_3_laptops_stolen_from_Clinton_cam... But I don't see the point in encrypting the FS or drives of the always-up machines in a data centre or their SMB equivalents. Decommissioned drives, you say? Well if you don't have a policy about scrubbing those or physically destroying them, yes i suppose it is a risk, but that risk has nothing to do with encryption and everything to do with your disposal policy.
I do not encrypt root because it is inconvenient and I do not like the way yast does it, but I do see the point.
Anyway, the distribution has to cater for such a case.
All my site passwords, email passwords, web account details, anything that valuable, all lives under /home.
Perhaps with mobile devices things are different. Certainly there's a LOT of critical stuff on my cell phone!
A laptop is different.
-- History knows no resting places and no plateaus. -- Henry Kissinger -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org