Lennart: Linux Comes Up Short Around Disk Encryption, Authenticated Boot Security


  • Lennart: Linux Comes Up Short Around Disk Encryption, Authenticated Boot Security

    Phoronix: Lennart: Linux Comes Up Short Around Disk Encryption, Authenticated Boot Security

    Most Linux distributions are currently coming up short from offering adequate security around full disk encryption and authenticated boot. Prominent Linux developer Lennart Poettering even argues that your data is "probably more secure if stored on current ChromeOS, Android, Windows or macOS devices."..


  • #2
    So, is Lennart saying my data is safer in the hands of corporations that spy on users? I totally disagree.



    • #3
      Originally posted by tildearrow
      So, is Lennart saying my data is safer in the hands of corporations that spy on users? I totally disagree.
      Obviously you are correct.
      But IMHO he doesn't talk about them. He talks about a stolen device or short-term hardware access.



      • #4
        Originally posted by tildearrow
        So, is Lennart saying my data is safer in the hands of corporations that spy on users? I totally disagree.
        If you lose your laptop - it certainly is more secure (safe is a different thing). You can just click the link to read what he is saying btw (hint: it's technical, so you likely will understand nothing and just post some incoherent ramblings again)



        • #5
          First rule to keeping your private data private is assume your system is not somehow magically secure. A very slippery slope.


          Which he is complaining Linux isn't pretending to be.

          Is that really a bad thing tho?



          • #6
            My data is safer on a LUKS partition with Arch Linux rather than on Android where I have no control over the OS, and the root is like something "illegal".



            • #7
              Instead of stealing your laptop the attacker takes the harddisk from your laptop while you aren't watching, inserts backdoor code on it, and puts it back. In this scenario you won't know your data is at risk, because physically everything is as before. What's really bad though is that the attacker gets access to anything you do on your laptop, both the data already on it, and whatever you will do in the future.
              How does Windows or any other OS protect against it, with or without TPM? Is he referring to code added while the computer is booted up? Or some modification to hard disk firmware?



              • #8
                Originally posted by StarterX4
                My data is safer on a LUKS partition with Arch Linux rather than on Android where I have no control over the OS, and the root is like something "illegal".
                Not to mention the underlying chipset and firmware may have Chinese Communist Party censorware built-in:





                • #9
                  Originally posted by ddriver
                  First rule to keeping your private data private is assume your system is not somehow magically secure. A very slippery slope.

                  Which he is complaining Linux isn't pretending to be.

                  Is that really a bad thing tho?
                  I agree, that's a good point. It's like saying C is inherently unsafe and dangerous. Yes, that's why a skilled programmer needs to write C code. Doesn't make the language bad, just means you need to take care.

                  I thought the safe/secure point was good also by an earlier poster.

                  I think the biggest problem with Linux is the "out-of-the-box" implementation for certain things. Windows and Mac obviously get that right, but I don't think it's fair to compare them. Desktop market share for Linux is so minute, that tildearrow's point still stands in my opinion, but again safe/secure in case it gets stolen and in the wrong hands. It's a good conversation to have nonetheless.



                  • #10
                    I strongly agree with Lennart on the per-user encryption - that's something I really like about MacOS, for example, and would love to see in the Linux world as well.

                    Concerning hardware access: I do agree that it should be harder to compromise systems - OTOH, I'd always see a system as compromised once somebody had direct access to it. If some security takes my laptop into a room, they could add all kinds of hardware key loggers etc. Just relying on the TPM to stop such attacks could at worst give people a false sense of security. So: yes, let's do better. But let's not tell people that their systems are safe when they are not.
