On 2016-12-29 15:29, Anton Aylward wrote:

> On 12/28/2016 10:22 PM, Carlos E. R. wrote:
>
>> I guess you don't use an encrypted root.
>
> I don't see the point in encrypting the root. User DATA yes, the programs that are available for download from the repositories and on the DVD - no point in encrypting them.

>> I didn't see the point initially, either, but there is also data on /etc that can be sensitive. WiFi password, for instance. Then there is /tmp, databases in /var...
>
> While I have every sympathy for a put-all-config-in-/etc policy, putting unencrypted passwords there is a risk. In general, what's in /etc tends to be world readable.

The people that can read /etc while it is mounted do not bother me. They have permission. The people that steal a (powered down) computer or hard disk do.

> As far as /tmp and /var goes, they are not the RootFS and I can see the logic in having them encrypted while at rest.

It is easier to encrypt everything than to go hunting around for areas in the hard disk that may or may not hold some sensitive material. For instance, about a month or so ago I worried about Firefox storing downloaded PDF files, like receipts, for display, somewhere under /tmp with limited permissions. I modified the setup so that the temporary directory would be encrypted or under /home. Well, after upgrading to 42.2 the modification disappeared and I have to do it again. If root were encrypted, I would not have to worry about it.

> But that's the issue, isn't it, 'while at rest'. I've mentioned before the boot where an uber-hacker's laptop is stolen while powered up. So long as it stays powered up and active it doesn't matter that the partitions are encrypted. So OK, if you leave your laptop on the seat of your supposedly locked car ... or perhaps from beside you when your attention was elsewhere

Yes, I know about that.

> But I don't see the point in encrypting the FS or drives of the always-up machines in a data centre or their SMB equivalents.

The point is that hard disks can be stolen; not by chance, but intentionally.

> Decommissioned drives, you say? Well if you don't have a policy about scrubbing those or physically destroying them, yes I suppose it is a risk, but that risk has nothing to do with encryption and everything to do with your disposal policy.

Encryption ensures that if by accident the disk is simply disposed of, no data can be accessed. Yes, the policy can be "destroy them", but policies can be forgotten. Perhaps the disk develops some failure and cannot be accessed, so a rewrite fails, and the person doing it doesn't have a metal scrapper, so when nobody looks just dumps it. Security is about having several layers; full encryption is just one layer more.

-- 
Cheers / Saludos,

Carlos E. R.
(from 13.1 x86_64 "Bottle" (Minas Tirith))
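The practical question behind the thread is which of /etc (on the root filesystem), /tmp, /var and /home actually sit on encrypted storage. The check below is an added example, not code from the thread or its participants: it follows lsblk's parent chain from a mountpoint and reports whether a dm-crypt layer backs it, so LVM-on-LUKS layouts are recognised; the sample lsblk output is constructed, and check_path assumes findmnt and lsblk from util-linux on a live system.

```shell
#!/bin/sh
# Added example: report whether a mountpoint is backed by a dm-crypt layer.
# Parses `lsblk -Pno NAME,TYPE,MOUNTPOINT,PKNAME` (key="value" pairs, one
# device per line) and follows PKNAME (parent kernel name) upward, so a
# filesystem on LVM on LUKS is still recognised as encrypted.

# Constructed sample: LUKS + LVM for / and /home, plain partitions for
# /boot and /var (this is not output from a real machine).
SAMPLE_LSBLK='NAME="sda" TYPE="disk" MOUNTPOINT="" PKNAME=""
NAME="sda1" TYPE="part" MOUNTPOINT="/boot" PKNAME="sda"
NAME="sda2" TYPE="part" MOUNTPOINT="" PKNAME="sda"
NAME="cr_main" TYPE="crypt" MOUNTPOINT="" PKNAME="sda2"
NAME="system-root" TYPE="lvm" MOUNTPOINT="/" PKNAME="cr_main"
NAME="system-home" TYPE="lvm" MOUNTPOINT="/home" PKNAME="cr_main"
NAME="sdb" TYPE="disk" MOUNTPOINT="" PKNAME=""
NAME="sdb1" TYPE="part" MOUNTPOINT="/var" PKNAME="sdb"'

# mount_status LSBLK_OUTPUT MOUNTPOINT -> prints encrypted|plaintext|unknown
mount_status() {
    printf '%s\n' "$1" | awk -F'"' -v mp="$2" '
        # fields between the quotes: $2=NAME $4=TYPE $6=MOUNTPOINT $8=PKNAME
        { type[$2] = $4; parent[$2] = $8; if ($6 == mp) dev = $2 }
        END {
            if (dev == "") { print "unknown"; exit }
            # walk up: lvm -> crypt -> part -> disk, stop at the first crypt
            for (d = dev; d != ""; d = parent[d])
                if (type[d] == "crypt") { print "encrypted"; exit }
            print "plaintext"
        }'
}

# check_path PATH -> status of the filesystem holding PATH on the live
# system; /etc resolves to "/" (assumes util-linux findmnt and lsblk).
check_path() {
    mp=$(findmnt -no TARGET --target "$1") || return 1
    mount_status "$(lsblk -Pno NAME,TYPE,MOUNTPOINT,PKNAME)" "$mp"
}

# Offline demonstration over the constructed sample.
for mp in / /home /boot /var /tmp; do
    printf '%-6s %s\n' "$mp" "$(mount_status "$SAMPLE_LSBLK" "$mp")"
done
```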