[Freedombox-discuss] Encrypted root file systems with Mandos
James Vasile
vasile at freedomboxfoundation.org
Fri Mar 9 08:49:38 UTC 2012
On Mon, 5 Mar 2012 07:28:57 +0100, Elena ``of Valhalla'' <valhalla at trueelena.org> wrote:
> On 2012-03-04 at 22:01:44 -0500, James Vasile wrote:
> > Thanks for the thoughts. I've thought about it a bit, and I don't
> > currently see a solution for encrypting storage on a FreedomBox. I hope
> > you make progress that applies to our use case.
>
> What about changing the encryption approach to give an easy interface
> to encrypt user data on a file-per-file basis, with 'encrypt to self'
> as a default?
> That way the system does not need user intervention to boot
> and a password is only needed when an human wants to access
> the file (and he is hopefully available to enter it).
> Of course that way you open yourself to an attack based on
> filenames, for which I'm afraid that the most effective solution
> is user education.
That's not a bad idea for some files. I'm not quite sure how to
implement it in a way that doesn't become a roadblock for users. I'll
keep thinking about it.
-J
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 489 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/freedombox-discuss/attachments/20120309/b2fc9635/attachment.pgp>
More information about the Freedombox-discuss
mailing list