FATAL SECURITY FLAW - Still No Full Disk Encryption

Postby twelph on Sun Jun 09, 2013 4:11 pm

This needs to always be at the top. Having to rely on third party scripts that I can't get to work, or just settle with home partition encryption is just not cutting it anymore. If you happen to be paying attention to the news in the United States lately, our privacy is under constant attack. Having full disk encryption available can no longer be considered a feature, it's a security flaw without it. This is my favorite distribution, but I can no longer accept this omission. I'm switching back to a Debian install and adding the LMDE repository in the meantime.
twelph
Level 1
Posts: 11
Joined: Sat Jun 01, 2013 11:12 am

Re: FATAL SECURITY FLAW - Still No Full Disk Encryption

Postby catweazel on Sun Jun 09, 2013 8:47 pm

-1

The world does consist of only the United States.
Mint Testing Team & Mint Donor #3606
KDE 4.12.0, custom preemptive kernel 3.12.5,
Intel i7 4770K @ 4.7GHz, 16GB 2666MHz XMP,
4 Samsung 840 PRO 512GB SSDs in RAID0,
6TB HW RAID10, dual 24" Acer X243H,
Gigabyte nVidia GTX 680 Super Overclock
catweazel
Level 7
Posts: 1656
Joined: Fri Oct 12, 2012 9:44 pm

Re: FATAL SECURITY FLAW - Still No Full Disk Encryption

Postby martensjd on Sun Jun 09, 2013 10:12 pm

I agree that FDE is a must-have feature--a deal-breaker for me. I left Mint for Lubuntu and Xubuntu a year ago over this deficiency, but am now back to Mint because (a) I like Mint and (b) an encrypted LVM is easy to set up--see http://community.linuxmint.com/tutorial/view/1166 for an easy four-step process at install time.

It still strikes me as exceedingly odd that it's not a standard install option. Debian was offering this years ago.
martensjd
Level 1
Posts: 8
Joined: Mon Dec 12, 2011 7:08 pm

Re: FATAL SECURITY FLAW - Still No Full Disk Encryption

Postby twelph on Mon Jun 10, 2013 1:47 am

catweazel wrote:-1

The world does consist of only the United States.


I assume you mean "The world does not consist of only the United States."

How is this relevant?
twelph
Level 1
Posts: 11
Joined: Sat Jun 01, 2013 11:12 am

Re: FATAL SECURITY FLAW - Still No Full Disk Encryption

Postby catweazel on Mon Jun 10, 2013 1:53 am

twelph wrote:
catweazel wrote:-1

The world does consist of only the United States.


I assume you mean "The world does not consist of only the United States."

How is this relevant?

My government doesn't spy on its own citizens like yours does. Your premise revolves around what your government does to justify full disk encryption. If you want full disk encryption, install it. Alternatively, wear a tinfoil hat.
catweazel
Level 7
Posts: 1656
Joined: Fri Oct 12, 2012 9:44 pm

Re: FATAL SECURITY FLAW - Still No Full Disk Encryption

Postby twelph on Mon Jun 10, 2013 2:15 am

catweazel wrote:
twelph wrote:
catweazel wrote:-1

The world does consist of only the United States.


I assume you mean "The world does not consist of only the United States."

How is this relevant?

My government doesn't spy on its own citizens like yours does. Your premise revolves around what your government does to justify full disk encryption. If you want full disk encryption, install it. Alternatively, wear a tinfoil hat.


Because my country is the only country to do this, and your country could never possibly do this? Am I being called paranoid for requesting something that is becoming standard in most distributions and required by many businesses? Since when did implementing best security practices equate to tinfoil hat?
twelph
Level 1
Posts: 11
Joined: Sat Jun 01, 2013 11:12 am

Re: FATAL SECURITY FLAW - Still No Full Disk Encryption

Postby catweazel on Mon Jun 10, 2013 2:22 am

twelph wrote:B<snip>

Would you like me to report you to the moderators for trolling?

A simple yes or no will do.
catweazel
Level 7
Posts: 1656
Joined: Fri Oct 12, 2012 9:44 pm

Re: FATAL SECURITY FLAW - Still No Full Disk Encryption

Postby twelph on Mon Jun 10, 2013 2:36 am

catweazel wrote:
twelph wrote:B<snip>

Would you like me to report you to the moderators for trolling?

A simple yes or no will do.


Yes please. I obviously don't understand the term trolling, and would like a moderator to clarify it for me. Wikipedia must not have all the answers: https://en.wikipedia.org/wiki/Troll_%28Internet%29

I guess someone needs to add "having a disagreement" to that page.
Last edited by twelph on Mon Jun 10, 2013 2:40 am, edited 1 time in total.
twelph
Level 1
Posts: 11
Joined: Sat Jun 01, 2013 11:12 am

Re: FATAL SECURITY FLAW - Still No Full Disk Encryption

Postby eanfrid on Mon Jun 10, 2013 2:39 am

FDE is neither the only means to protect your data privacy nor sufficient by itself to (try to) achieve this goal. If FDE were an installation option it would be fine, of course, but making it mandatory may kill the performance of many older computers.
Main desktop: Debian GNU/Linux Wheezy 64bit w/custom 3.14 longterm kernel - MATE 1.8.1
(i5 2400@3.7GHz - 16GB DDR3 - HD6770 w/radeon driver - SSD+RAID1)
True private storage on SpiderOak
eanfrid
Level 7
Posts: 1853
Joined: Mon Apr 30, 2012 2:49 am
Location: FR

Re: FATAL SECURITY FLAW - Still No Full Disk Encryption

Postby twelph on Mon Jun 10, 2013 2:42 am

eanfrid wrote: FDE is neither the only means to protect your data privacy nor sufficient by itself to (try to) achieve this goal. If FDE were an installation option it would be fine, of course, but making it mandatory may kill the performance of many older computers.


No one made any mention of making it mandatory. Only that the distribution has it as an option.
twelph
Level 1
Posts: 11
Joined: Sat Jun 01, 2013 11:12 am

Re: FATAL SECURITY FLAW - Still No Full Disk Encryption

Postby eanfrid on Mon Jun 10, 2013 2:48 am

Sorry, but "FATAL SECURITY FLAW" and "full disk encryption available can no longer be considered a feature" told me that you did absolutely not consider FDE as an option.
eanfrid
Level 7
Posts: 1853
Joined: Mon Apr 30, 2012 2:49 am
Location: FR

Re: FATAL SECURITY FLAW - Still No Full Disk Encryption

Postby twelph on Mon Jun 10, 2013 2:53 am

eanfrid wrote:Sorry, but "FATAL SECURITY FLAW" and "full disk encryption available can no longer be considered a feature" told me that you did absolutely not consider FDE as an option.


Notice the very important word that I bolded.
twelph
Level 1
Posts: 11
Joined: Sat Jun 01, 2013 11:12 am

Re: FATAL SECURITY FLAW - Still No Full Disk Encryption

Postby kurotsugi on Mon Jun 10, 2013 6:59 am

I'm switching back to a Debian install and adding the LMDE repository in the meantime.

I do agree that LMDE should include FDE as an option for the installation, but IMO this forum isn't the right place. This is a forum mostly for "MINT USER", not "MINT DEVS". If you have any idea/suggestion then I believe the correct place should be here --> http://community.linuxmint.com/
kurotsugi
Level 5
Posts: 915
Joined: Fri Jan 25, 2013 3:54 am

Re: FATAL SECURITY FLAW - Still No Full Disk Encryption

Postby Oscar799 on Wed Jun 12, 2013 8:22 am

Lively debate is fine but let's not have a flame war
Thanks
"Don't fix it if it ain't broken,don't break it if you can't fix it" Husse
Registered Linux User #511789
Oscar799
Level 18
Posts: 8873
Joined: Tue Aug 11, 2009 9:21 am
Location: United Kingdom

A (Somewhat) Lengthy Reply

Postby MtnDewManiac on Thu Jun 13, 2013 11:08 am

Oscar799 wrote: Lively debate is fine but let's not have a flame war
Thanks


Without trying to fan any flames, and meaning no disrespect to any individuals or countries:

I think it not at all unlikely that the US government devotes at least as many resources toward spying(?), collecting data on, et cetera the citizens - and governments - of other countries as it does on the same activities domestically.

For one, there'd be less (US) laws to have to circumvent (or would have before the P Act was passed, I suppose).

Then there are articles such as this one
http://www.independent.co.uk/news/uk/politics/prism-scandal-foreign-secretary-william-hagues-vagueness-on-us-spying-fails-to-reassure-mps-and-public-over-covert-gchq-deal-with-nsa-8651896.html

which discusses concerns that the GCHQ (UK Government Communications Headquarters which is the centre for Her Majesty's Government's Signal Intelligence (SIGINT) activities) is getting data from that US federal agency that's been freaking so many people out all of a sudden (said people having just crawled out from under a rock for the very first time, I'm guessing :roll: ) in order to circumvent British laws. That seems completely feasible to me; "data" a commodity that can be bought, sold, or traded for favors. Also... Consider this: In my country - and, I would guess, in at least a few others - if a police officer were to break into a house without a search warrant and discover evidence of a crime, that evidence cannot (legally) be used in a court of law. But if someone else, such as a thief, were to break into that house, discover that same evidence, and disclose it to LEO, then the evidence is considered to be admissible (with the usual debate as to the reliability of the source).

I once read that the US government picked up a sizable portion of the expenses that the telephone companies incurred in spreading the telephone and its infrastructure to other countries because it was a device that made it easier to spy on people. That's probably not true. Probably.

(Finally, it seems logical - at least at this point in time - that there are more non-US entities wishing to do harm to the US than there are US entities wishing to do so. Or, at least, both wishing to and likely to, lol; as someone once stated, "Americans are likely to b!tch and moan... but others are just as likely to quietly reach for the nearest rock.")

That's got me wondering... Which country's random citizen is most likely to be spied upon? And which country's random citizen is most likely to be spied upon by the United States government? (Those questions may well have two different answers, lol.)

- - - - -

DISCLAIMERS:
I am a US citizen.
While I am not thrilled - to put it mildly - about the thought of my government spying on me (or any of my fellow citizens), I seriously doubt that it's a new phenomenon. I'm guessing that governments have been spying - on everyone that they could - since the first minute after the first ever government was formed on this planet. While there may have been a government that did not, any such government probably did not last long enough to leave its mark on history.
I debated posting this for fear that it might be thought to be off-topic; but the fact that a moderator cautioned us to avoid flaming each other but did not at the same time state that the thread was in danger of - or already had - going/gone off-topic, coupled with the fact that ~16.6% of the OP's sentences mentioned a government spying, led me to believe that it would be acceptable to post it.

- - - - -

Somewhat(?) more on-topic content: I think that having an option of full-drive encryption is an idea that has merit. But I do question whether or not such a thing should rightly be the responsibility of those who provide us with our OS. It seems to me that such a thing should be... well... again, meaning no disrespect, but not tied to the OS in any way, shape, or form, and that it ought to be done on a "lower level," just as certain things are done that way, such as much of what is already addressed between the time the user presses the power button and the OS boots. Perhaps somewhere between the "BIOS routines" (I know that's not a technically-accurate term) and the initial boot menu or OS boot phase, perhaps in the BIOS, perhaps even before that.

One last thing to think about (may or may not be off-topic): To everyone that is worried about the NSA and its activities, are you using a distro or kernel (which would be every one from 2.6.0-test3 and above, I believe) that includes Security-Enhanced Linux (SELinux), lol? If so, just who do you think was the original primary developer of it and released it to the open source community in the first place? And do you suppose that the entity that created - and released - it would have done so without either a backdoor, the power to make the "security" in SELinux transparent, or both? Think about it...

EDIT: I meant to include a link to the Wikipedia article on SELinux for those who have never heard the term:
http://en.wikipedia.org/wiki/Security-Enhanced_Linux


Best regards,
MDM

PS While some level of "paranoia" is probably healthy for everyone (and it is up to each individual to decide what the proper level is), I have always thought that the one thing that "wearing a tinfoil hat" guarantees... Is to make one much easier to pick out of a crowd, lol.

EDIT: While I'm thinking about it, those of you in the audience who are concerned about (any entity) spying, collecting data, and/or profiling you: How many of you use a web browser without a good script-blocker installed, therefore allowing every website you visit to run any script it wishes on your computer? How many of you encrypt the signals between your computer and your wireless router? And how many of you use (any facet of) Google? If you think about it, the situation where full-disk/drive encryption is useful is one in which an adversary(?) actually has physical possession of your hard drive - but these other things require no such possession of your hardware.
_____
Proud to be a Mint user. Running 32-bit Mint 14 Xfce (with Xfce 4.10 and 4.12 PPAs). I have the best modern OS and it runs on my really old hardware, lol.
"Change should never be your goal but, instead, only a means to reach your goal."
MtnDewManiac
Level 4
Posts: 444
Joined: Fri Feb 22, 2013 5:18 pm

FLOSS LUKS/LVM2 installer for LMDE

Postby TomRoche on Fri Apr 11, 2014 9:21 pm

Just to get back on topic: feel free to contribute/fork this LUKS/LVM2 installer for LMDE. I'd definitely like to see the "real" LMDE installer provide this functionality.
TomRoche
Level 3
Posts: 176
Joined: Thu Jan 13, 2011 2:52 pm

Re: FATAL SECURITY FLAW - Still No Full Disk Encryption

Postby cyb3rc0de on Tue Apr 15, 2014 9:32 am

I must agree. FDE should be listed on installer as an option.
Meh! :P
cyb3rc0de
Level 1
Posts: 48
Joined: Sun Apr 13, 2014 8:56 am

Re: FATAL SECURITY FLAW - Still No Full Disk Encryption

Postby namarie on Tue Apr 22, 2014 1:09 pm

Is it possible to finance a bounty for this feature?
namarie
Level 1
Posts: 2
Joined: Tue Apr 22, 2014 12:46 pm

Re: FATAL SECURITY FLAW - Still No Full Disk Encryption

Postby namarie on Fri Aug 29, 2014 5:10 pm

I know bumping is not very kind but I don't see any about this topic. There are several (not very friendly) outdated how-tos about FDE on old versions of Mint. There is also a feature request (http://community.linuxmint.com/idea/view/2144) with 'Selected' status.

Is there any news about full disk encryption in the default installer for Linux Mint Debian?
namarie
Level 1
Posts: 2
Joined: Tue Apr 22, 2014 12:46 pm
