Password

[Jordon Bedwell]

On Thu, 2010-10-14 at 11:37 +0100, David Fletcher wrote:
> On Thursday 14 Oct 2010, Thierry de Coulon wrote:
> > 
> > Each one has to define risks and security for his own situation. I would 
> > _never_ encrypt my system (a partition maybe) because the risk of being 
> > locked out of my data is way bigger for me than the (fairly remote) risk of 
> > someone sneeking into my data (to find what?).
> > 
> > If I were rich or if I had very valuable data it would be different.
> > 
> > Most of our data anyway are probably protected only by the user password 
> so...
> > 
> > Thierry
> > 
> 
> I think I would say that the single most valuable and sensitive file on my 
> computer is my KDE wallet. That, I am assured, is securely encrypted by my 
> pass phrase. I don't know if there is an equivalent facility available in 
> gnome - I've not been playing with it for long enough - or export/import 
> facilities to move my passwords from one to the other.
> 
> Encrypting whole directories of information that don't necessarily need such 
> protection seems to me to be complete folly.

You can lock out single user mode, you can lock out entering kernel
options, you can password protect single user mode (with some run level
trickery.)  You can lock out all grub super user options with a password
while allowing normal boot without a password.

Most of your user information is NOT protected by your password.  Raise
your hand if you use Pidgin.  Whoop, stole your passwords. You use
Firefox and store passwords in there? Whoop, stole your passwords.
Information protection is ultimately up to you, because only you can
decide what is important information.  Directory permissions mean ass
when I can just reboot into single user mode.

Whole disk encryption isn't needed by everybody, but home folder
encryption is a good idea. There are some vulnerabilities to it, but
those are easily fixed by creating per user temp folders and per user
swap files.