[Freedombox-discuss] Encrypted root file systems with Mandos

James Vasile vasile at freedomboxfoundation.org
Fri Mar 9 08:49:38 UTC 2012


On Mon, 5 Mar 2012 07:28:57 +0100, Elena ``of Valhalla'' <valhalla at trueelena.org> wrote:
> On 2012-03-04 at 22:01:44 -0500, James Vasile wrote:
> > Thanks for the thoughts.  I've thought about it a bit, and I don't
> > currently see a solution for encrypting storage on a FreedomBox.  I hope
> > you make progress that applies to our use case. 
> 
> What about changing the encryption approach to give an easy interface 
> to encrypt user data on a file-per-file basis, with 'encrypt to self' 
> as a default? 
> That way the system does not need user intervention to boot 
> and a password is only needed when an human wants to access 
> the file (and he is hopefully available to enter it).
> Of course that way you open yourself to an attack based on 
> filenames, for which I'm afraid that the most effective solution 
> is user education.

That's not a bad idea for some files.  I'm not quite sure how to
implement it in a way that doesn't become a roadblock for users.  I'll
keep thinking about it.

-J
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 489 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/freedombox-discuss/attachments/20120309/b2fc9635/attachment.pgp>


More information about the Freedombox-discuss mailing list