[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]
On 29/11/13 19:32, Daniel Robinson wrote: > The aim is to only leek data by having a gun held to my head. What is the > best method of nailing all data to a disk and only leeking under duress http://xkcd.com/538/ I like your thinking - but ultimately, it's not the dreaded rubber hose you need to worry about, it's this: http://en.wikipedia.org/wiki/Key_disclosure_law#United_Kingdom Refusal leads to a maximum sentence of 2 years, rising to 5 if the "terrorists" keyword is used. 3 people (that we know of) have been prosecuted and sentenced for refusing to disclose since this extremely dubious part of the RIPA was written in. The answer, specifically in the case of a Pi running as a mailserver under Linux, is LUKS. As I said before, cursory research implies that it is possible to encrypt the SD boot volume on the Pi but not owning one, I can't test this. Just remember that full disk encryption will only protect your data at rest: when the system is up and running, the volumes are unlocked and mounted as normal so you're just as vulnerable to good old fashioned remote and local exploits as usual. Let us know how you get on. Cheers -- The Mailing List for the Devon & Cornwall LUG http://mailman.dclug.org.uk/listinfo/list FAQ: http://www.dcglug.org.uk/listfaq