Author: Keith Edmunds Date: To: hampshire Subject: Re: [Hampshire] Securing a laptop against theft
On Fri, 21 Aug 2009 20:04:33 +0100, peter@??? said:
> My initial thoughts are to encrypt /home,/tmp and swapspace. But to
> ideally that when the computer is locked (gnome) then the volume is
> re-encrypted until it's locked.
I'm not really sure what you mean by the second sentence above, but I
think I get the drift... The art of (good) security is making it hard
enough for the bad guys but keeping it easy enough for the good guys. How
not to do it, for example, it the way that getting a (legal) replacement
number plate for a car is implemented: you need both the logbook and photo
ID, such as a passport. Or you can get one illegally very easily with
neither. The law abiders jump through lots of hoops: the Bad Men don't
bother.
So what are you trying to achieve? Are you aiming to stop the bad people
reading your credit card numbers, kept in plain text on your laptop, or the
moves planned for Afghanistan for the next couple of months? Or are you
trying to stop your laptop getting stolen? If the latter, no amount of
encryption will help: they'll just reformat the disk and reinstall
something. If the former, you could just encrypt the sensitive data. Or do
you just want to play with some encryption technology for the hell of it (a
perfectly valid desire)? Give that you want to encrypt the swapfile - a
measure that will have a significant impact on swap performance - you
presumably expect your laptop to be targetted by (very) technically
proficient people for some specific purpose, and thus the data on the
laptop must be very valuable to make such work worthwhile. In that case,
simply encrypt the whole disk and be done with it.
