[lug] wireless security back home when in foreign countries

Davide Del Vento davide.del.vento at gmail.com
Sun Nov 29 17:14:41 MST 2009


On Sun, Nov 29, 2009 at 11:50, karl horlen <horlenkarl at yahoo.com> wrote:
>
> - is the encryption automatically automated?  meaning do i have
> to individually run some procedure to encrypt a file or are all files
> automatically encrypted.  same goes for the decryption side.
> once i start the netbook for the day, is there a global decryption
> key passphrase or something that UNLocks the files or must i
> type in some kind of auth for every file i open?

I'm not sure I understand your question, but I'll tell you what I know about it.
I use an encrypted partition for sensitive stuff on my laptop (e.g. my
~/.ssh is a symbolic link to somewhere in that partition). There isn't
anything boot-sensitive on the encrypted partition, so the machine
boots as usual, and every user (that's always me) logs in as usual.

Once logged in, if the user wants to do anything sensitive (e.g. ssh
to a machine with cert-based auth, or read/edit confidential
documents), the encrypted partition must be mounted. I have a shell
script for that, and when I launch it, it asks for the root password, and
then for the key of the encrypted partition (two different passwords).
Once the partition is mounted, the fact that it's encrypted is completely
transparent (= you don't see it, you can't tell: it's just a partition
with some data that users with the proper unix permission can do what
the permission says). If the laptop is lost or stolen, the thief could
boot from USB (this laptop doesn't have a CD/DVD reader) and be root
without knowing any password. The thief can mount regular partitions,
but cannot mount the encrypted partition without knowing its crypto
password (so, in this scenario, this password is even more important
than the root one).

I set the thing up 2 years ago, so I don't remember the details, but I
can dig my notes up, if you need.

Bye,
;Dav


