From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id 841E5138010 for ; Tue, 4 Sep 2012 21:19:21 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id B2105E045E; Tue, 4 Sep 2012 21:18:12 +0000 (UTC) Received: from mail.digimed.co.uk (82-69-83-178.dsl.in-addr.zen.co.uk [82.69.83.178]) by pigeon.gentoo.org (Postfix) with ESMTP id 53BD8E068F for ; Tue, 4 Sep 2012 21:10:26 +0000 (UTC) Received: from hactar.digimed.co.uk (hactar.digimed.co.uk [192.168.1.3]) by mail.digimed.co.uk (Postfix) with ESMTPSA id 9107D804D9 for ; Tue, 4 Sep 2012 22:10:25 +0100 (BST) Date: Tue, 4 Sep 2012 22:10:25 +0100 From: Neil Bothwick To: gentoo-user@lists.gentoo.org Subject: Re: [gentoo-user] dm-crypt + ext4 = where will the journal go? Message-ID: <20120904221025.4ea720a9@hactar.digimed.co.uk> In-Reply-To: <50466853.5070704@binarywings.net> References: <504518A3.7000207@binarywings.net> <50464F96.4070508@binarywings.net> <20120904211426.3acc7267@hactar.digimed.co.uk> <50466853.5070704@binarywings.net> Organization: Digital Media Production X-Mailer: Claws Mail 3.8.1cvs42 (GTK+ 2.24.11; x86_64-pc-linux-gnu) X-GPG-Fingerprint: 7260 0F33 97EC 2F1E 7667 FE37 BA6E 1A97 4375 1903 Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@lists.gentoo.org Reply-to: gentoo-user@lists.gentoo.org Mime-Version: 1.0 Content-Type: multipart/signed; micalg=PGP-SHA1; boundary="Sig_/r5VZ.FLdK4pfRZhjKHuii1D"; protocol="application/pgp-signature" X-Archives-Salt: 0f200dda-d7a3-497a-b2b1-3ae0264a0489 X-Archives-Hash: 559d1b1dae2800731e81e519cfcaca11 --Sig_/r5VZ.FLdK4pfRZhjKHuii1D Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: quoted-printable On Tue, 04 Sep 2012 22:45:07 +0200, Florian Philipp wrote: > >> I just have to make sure to leave nothing private on root, /usr > >> or /etc. =20 > >=20 > > Like your passwd and shadow files? > *g*, good point. However, I'm willing to take the risk on just these > two: passwd doesn't contain anything of considerable interest. shadow > contains exactly two passwords, both as sha256-sums (or similar, did not > really check). The passwords themselves are in excess of 90 bit entropy, > depending on how you estimate it. >=20 > Most of the rest which might be of interest and is usually in /etc can > be symlinked there from a safe location in /var. I used to do that, but as the number of sensitive directories grew - samba, wicd, etc. - I decided it was less hassle to set up an encrypted / and forget about it. --=20 Neil Bothwick When you go to court you are putting yourself in the hands of 12 people that were not smart enough to get out of jury duty. --Sig_/r5VZ.FLdK4pfRZhjKHuii1D Content-Type: application/pgp-signature; name=signature.asc Content-Disposition: attachment; filename=signature.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (GNU/Linux) iEYEARECAAYFAlBGbkEACgkQum4al0N1GQPOMgCgkcU/qk3rIdVuvd21Abr9gUqi 8zAAnAuh0LbgiUuEvPVBIrkhYTYPhNmp =cs2A -----END PGP SIGNATURE----- --Sig_/r5VZ.FLdK4pfRZhjKHuii1D--