Arnt Gulbrandsen
About meAbout this blog

Full-disk encryption: Luks and ecryptfs

A brief aside, almost a rant: Ubuntu offers a way to encrypt home directories, ecryptfs. There is also a way to encrypt everything, luks.

Luks is the better alternative.

With ecryptfs, there is only one password: If you can watch my hands when I open my laptop's lid and get some idea of what I'm typing, you can steal the laptop and use brute force to try a hundred thousand similar passwords. Luks uses a separate encryption passphrase which is only entered at boot time. (My lockscreen password is easy to type quickly, my encryption passphrase is long.)

Luks encrypts the entire disk, including all temporary files, excluding only the boot partition. Absolutely everything a regular user can possibly store is encrypted.

Ecryptfs has one advantage over luks: It supports having multiple users that do not really trust each other on the same host.

Indian election machines

Earlier this year Hari K. Prasad and others got hold of an Indian election machine and proved beyond doubt that they can be manipulated. I wrote a long, angry blog post, which I forgot to post. Now I post it, edited to be a less angry and with an added link.

Indian election machines don't suck. They're a great design for Indian elections. The attacks on them (bad seals, etc) also worked against the previous paper-based system. […More…]