[sf-lug] Full Disk Encryption options?
Rick Moen
rick at linuxmafia.com
Mon Mar 24 12:29:24 PDT 2008
Quoting Kristian Erik Hermansen (kristian.hermansen at gmail.com):
> That's a great question Tom. There are a few reasons. Let's just
> assume for a moment that I only encrypt /home, so that all my user
> data is protected. I leave for lunch and some guy happens to snag my
> laptop for the hour I am gone. During this hour, he is able to boot
> my machine with a LiveCD and plant a backdoor libc library that does
> bad stuff.
Back during the 1999 boom, I was chief sysadmin at one of the major-name
Linux startups of the day, which shall go nameless, and a new guy came
aboard as Chief Technical Officer per top-down orders from the VC. In
theory, this charmer thus became my immediate boss.
I had a very bad feeling about this person, which eventually turned out
to be justified (in spades), and, in particular, had the recurring
impression that he was gaining access to sensitive company information
that he wasn't supposed to have. His misappropriating _company_ data
was bad enough, but I found the possibility of his being able to spy on
my _personal_ traffic intolerable. So, I analysed the situation,
conceptually: All traffic between my company workstation and my home
server was going over appropriate crypto tunnels, and I had faith in the
integrity of the server and that of the tunnels, but my company
workstation was not 100% under my control: Its software (Debian)
_or hardware_ could in theory be gimmicked any time I was away from my
desk. And, as you know, the security of a crypto tunnel is, at best,
only as good as the security of _both_ ends.
So, that was when I bought, used, my very first laptop, a 1998 Sony VAIO
PCG-505FX, which thenceforth I used at my desk for all communication I
wished to be guaranteed unavailable to the CTO's snooping. If/when I
left my desk, the little VAIO carry-case came with me. Without
exception.
Whole disk encryption would not, you'll note, have been enough: The bad
guys having physical access to a machine always means they (can) own it.
So, my solution was: no physical access for Mr. CTO and his overpaid
squad of flunkies.
(Oh yeah: I eventually resigned when I could no longer protect my
staff, and the firm's pending IPO was cancelled several months later in
a flurry of litigation and mysterious executive departures.)