D&C GLug - Home Page

[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]

Re: [LUG] Hardware Encrypted SD


On 29/11/13 19:32, Daniel Robinson wrote:
> The aim is to only leek data by having a gun held to my head. What is the
> best method of nailing all data to a disk and only leeking under duress


I like your thinking - but ultimately, it's not the dreaded rubber hose
you need to worry about, it's this:


Refusal leads to a maximum sentence of 2 years, rising to 5 if the
"terrorists" keyword is used. 3 people (that we know of) have been
prosecuted and sentenced for refusing to disclose since this extremely
dubious part of the RIPA was written in.

The answer, specifically in the case of a Pi running as a mailserver
under Linux, is LUKS. As I said before, cursory research implies that it
is possible to encrypt the SD boot volume on the Pi but not owning one,
I can't test this.

Just remember that full disk encryption will only protect your data at
rest: when the system is up and running, the volumes are unlocked and
mounted as normal so you're just as vulnerable to good old fashioned
remote and local exploits as usual.

Let us know how you get on.


The Mailing List for the Devon & Cornwall LUG
FAQ: http://www.dcglug.org.uk/listfaq