D&C GLug - Home Page

[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]

Re: [LUG] Dual Boot Windows 7

 
Surely you realise that on a linux system, there is a *lot* of
interesting data outside of /home: just for a start, /etc is full of
stuff like password hashes and /var/log is ripe for plundering.

I guess it depends on what you're trying to protect. As a home user, I worry more about the contents of my browser history and saved passwords for various cloud services than anything else. I'm less concerned about the contents of /var/logs, but you're totally right about the password hashes, I rather foolishly forgot about those. With those in hand, you lift the password db, crack it on your own hardware and then use my own password to enter the system. It's a little convoluted, but done easily enough.
Â
Imagine your laptop with only /home encrypted is lost or stolen, and not
just to a random crack junkie who'll flog it for Â30. Imagine I stole
it, for example, or just got my hands on it for 30 minutes whilst you
were off to lunch.

As the rest of your post points out, there's very little that can be done if you got your hands on my laptop, but security is really all about gauging the probabilities of risk. I'm pretty sure that if I lost my laptop, the most likely scenario is that it would end up getting flogged for Â20 in the nearest pub, where just the fact that it has linux installed would stop most punters in their tracks.Â
Â
Hopefully you don't have any highly
skilled enemies, and your laptop probably isn't a business laptop with
regulatory control issues or $$$ worth of company secrets or the CIA
asset list on it

Fortunately, I can in fact say that this is the case.
Â
but if you're already actually thinking about using
encryption at all, why stop part way and do a half-arsed job of it?

http://xkcd.com/538/
Â
Unless your laptop is the oldest piece of crap in the world, the
performance hit is negligible (perhaps 1-2% on heavy I/O).

To be honest, the reason I didn't go full disk encryption on the last time I reinstalled my laptop was on account of concerns for the performance hit and an uncertainty of the maturity of full encryption. Judging by your support for full disk encryption, it sounds like both of those concerns were unfounded.Â
Â
Hope that clears that up for you.

Indeed it does, thanks!
-- 
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq