[sf-lug] Help get Ubuntu LiveCD to have encryption options!
Micah Lee
micahflee at gmail.com
Thu Apr 28 17:49:57 PDT 2011
> Quoting Stefano Maffulli (smaffulli at gmail.com):
> I haven't installed a new version of Ubuntu for a long time: why would one
> need to encrypt the whole disk? IIRC Ubuntu's installer allows to encrypt
> /home partition: do I remember wrong?
Just encrypting /home leaves you vulnerable to lots of attacks that
whole disk encryption protects against. For example, your swap partition
will likely contain private data. Also, most of your software binaries
are in /bin, /sbin, /usr/bin, /usr/sbin, and other similar places. If
you only encrypt /home, an attacker with physical access can modify, for
example, /usr/bin/ssh with a malicious version that sends them all of
your ssh credentials whenever you run that program. Since /etc is not
encrypted, an attacker can add a rootkit and make it start on boot.
Whole disk encryption protects you against these attacks.
On 04/28/2011 05:31 PM, Rick Moen wrote:
> If memory serves: The alternate disk offers that option. The 'desktop'
> disk, the one that boots a live CD desktop with an optional graphical
> installer, does not.
I haven't tried installing Ubuntu from the graphical installer, but I
believe they both give you the option to encrypt /home. But it uses
ecryptfs which leaks metadata and has performance issues with large
directories that luks/dm-crypt does not have.
> I personally always suggest favouring the alternate disk for
> installation, anyway. Its ncurses-based installer program (which is
> Debian's installer) is considerably more robust, controllable, and able
> to be steered around occasional installation potholes. Also faster and
> able to run in much less RAM, for obvious reasons.
The vast majority of Ubuntu users use the desktop CD to install, since
this is recommended to them when they download from ubuntu.com. Really
the only feature that the alternate CD gives me that the desktop CD
doesn't (that I care about) is whole disk encryption, but that's a
deal-breaker feature for me. It's great that the alternate CD exists,
but if we ever hope to make it normal for laptop users to encrypt their
drives, this has be closer to default behavior.
More information about the sf-lug
mailing list