On 07/20/2010 03:11 PM, Michael Semcheski wrote:
> On Tue, Jul 20, 2010 at 2:27 PM, <J.Witvliet@xxxxxxxxx> wrote:
>> Just in general, what's the point in having server-disks (either local or "in-the-cloud") encrypted?
>> As soon as you start them up, all will be decrypted and your system is only protected by normal security measures.
>>
>> Only useful purpose might be to give each user their own encrypted backup-storage.
>> Something like a remote-tape-device...
>
> Well, you don't have to store the encryption key with the server.
> That means you might have to provide the key when the server boots up,
> and obviously that could be problematic (especially in a remote
> location.) But it would supplement the physical security of the
> server, and prevent someone with unauthorized access from booting with
> a live CD and copying data out, or just stealing the server to get to
> the data.
>
> But generally I agree with your point.

What may make a lot more sense is a VM with only /home encrypted. When the user gains access, one could also bind mount /tmp from /home/tmp and /var/tmp from /home/var/tmp ...

It would be nice to switch swap to encrypted too at that point.

This way the VM can be booted no prob with unencrypted root, but the user of the VM gets privacy.

I would think this would be highly desirable.
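The layout proposed in the last reply (unencrypted root, LUKS-encrypted /home, /tmp and /var/tmp bind-mounted from it, swap re-keyed at random) can be written out as an unlock sequence. This is an added example, not part of the original thread; the device paths, mapper names and the `DRY_RUN` switch are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: unlock steps for a VM that boots from an unencrypted root.
# Device paths and mapper names are assumptions; adjust to the VM's layout.
HOME_DEV="${HOME_DEV:-/dev/vdb1}"   # assumed LUKS partition holding /home
SWAP_DEV="${SWAP_DEV:-/dev/vdb2}"   # assumed swap partition
DRY_RUN="${DRY_RUN:-1}"             # 1 = print commands only, 0 = execute as root

run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

unlock_home() {
    # Prompts for the passphrase, so no key is stored on the VM's disk.
    run cryptsetup luksOpen "$HOME_DEV" home_crypt &&
    run mount /dev/mapper/home_crypt /home
}

bind_tmp_dirs() {
    # Temp files land on the encrypted volume; 1777 matches the usual /tmp mode.
    run mkdir -p /home/tmp /home/var/tmp &&
    run chmod 1777 /home/tmp /home/var/tmp &&
    run mount --bind /home/tmp /tmp &&
    run mount --bind /home/var/tmp /var/tmp
}

encrypt_swap() {
    # Swap needs no persistent key: a fresh random key per unlock is enough.
    run swapoff "$SWAP_DEV" || true   # ignore failure if swap was not active
    run cryptsetup open --type plain --cipher aes-xts-plain64 --key-size 512 \
        --key-file /dev/urandom "$SWAP_DEV" swap_crypt &&
    run mkswap /dev/mapper/swap_crypt &&
    run swapon /dev/mapper/swap_crypt
}

unlock_all() {
    # Order matters: /home must be mounted before it can back /tmp and /var/tmp.
    unlock_home && bind_tmp_dirs && encrypt_swap
}

unlock_all   # prints the plan by default; set DRY_RUN=0 to run it as root
```

Anything written to the plaintext swap partition or the old /tmp before the switch stays on disk until it is overwritten.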