<div dir="ltr"><br><br><div class="gmail_quote">On Wed, Feb 4, 2009 at 1:10 PM, Meir Michanie <span dir="ltr"><<a href="mailto:meirm@riunx.com">meirm@riunx.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
What about /etc/shadow and other sensitive files? so no encrypting your<br>
root filesystem is also an issue.<br>
<br>
What if you put the hard drive under a very strong magnetic field?</blockquote><div><br>and what if your laptop is stolen ...<br> <br></div><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<br>
<div class="Ih2E3d"><br>
> ----- Original Message -----<br>
> Subject: Re: data security<br>
> From: Shachar Shemesh <<a href="mailto:shachar@shemesh.biz">shachar@shemesh.biz</a>><br>
> To: "Orr Dunkelman" <<a href="mailto:orr.dunkelman@gmail.com">orr.dunkelman@gmail.com</a>><br>
> CC: "linux-il" <<a href="mailto:linux-il@cs.huji.ac.il">linux-il@cs.huji.ac.il</a>>,"Erez D" <<a href="mailto:erez0001@gmail.com">erez0001@gmail.com</a>><br>
> Date: 04-02-2009 13:02<br>
><br>
><br>
> Orr Dunkelman wrote:<br>
> ><br>
> ><br>
> > I guess that the configuration may still reveal some secrets (like<br>
> > which hosts are important enough to be in /etc/hosts), but it's better<br>
> > than nothing...<br>
> ><br>
> ><br>
> On my laptop, "most" of the data is not encrypted. I discovered that<br>
> compiling inside an encrypted partition is horrendously slow. Still, I<br>
> do it if the data is sensitive (e.g. - all data and sources belonging to<br>
> clients automatically goes there). I also keep certain important stuff<br>
> there (my email client folder, my documents folder, browser history<br>
> etc.) This is fairly easily achieved with symbolic links.<br>
><br>
</div><div class="Ih2E3d">> Also, keep in mind that some things are automatically generated but<br>
> still sensitive. The most important examples are my bash history file (<br>
> .bash_history under your home directory) and the database for the<br>
> "locate" command (/var/cache/locate). The former shows a history of the<br>
> commands I type, and the later has a list of all files on the system,<br>
> including those inside the encrypted directory.<br>
><br>
</div><div class="Ih2E3d">> This configuration is more dangerous, no doubt, as it is entirely<br>
> possible that I have missed something (do share if you think of<br>
> anything). It works pretty well for me, however.<br>
><br>
> Shachar<br>
><br>
</div><div><div></div><div class="Wj3C7c">> _______________________________________________<br>
> Linux-il mailing list<br>
> <a href="mailto:Linux-il@cs.huji.ac.il">Linux-il@cs.huji.ac.il</a><br>
> <a href="http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il" target="_blank">http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il</a><br>
<br>
_______________________________________________<br>
Linux-il mailing list<br>
<a href="mailto:Linux-il@cs.huji.ac.il">Linux-il@cs.huji.ac.il</a><br>
<a href="http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il" target="_blank">http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il</a><br>
</div></div></blockquote></div><br></div>