[Cryptography] Speeding up Linux disk encryption
Rick Smith
me at cys.me
Sat Apr 10 12:39:01 EDT 2021
Regarding disk encryption and access control, Bear notes:
> While the system is running, the disk is mounted, the process of
> encrypting or decrypting is abstracted away, and every bit of malware
> that works on unencrypted systems works just fine on encrypted systems.
> Basically the encryption provides no protection beyond the first login
> where the disk is mounted. .....
Truth.
> Disk encryption that actually provides the protections people think disk
> encryption provides would require a whole new filesystem type, a whole
> new OS mostly organized around key management, ....
I doubt generic people (as opposed to some techies) distinguish that much between crypto and software-enforced access control.
It’s also not clear that a crypto-oriented mechanism would be more trustworthy than non-crypto software-based access control. You will rely on software access control to manage the keys.
If I were going to try to do it, I’d use SELinux separation and associate keys with the zones/domains.
Rick.