FATAL SECURITY FLAW - Still No Full Disk Encryption
Forum rules
LMDE 2 has reached end of support as of 1-1-2019
LMDE 2 has reached end of support as of 1-1-2019
FATAL SECURITY FLAW - Still No Full Disk Encryption
This needs to always be at the top. Having to rely on third party scripts that I can't get to work, or just settle with home partition encryption is just not cutting it anymore. If you happen to be paying attention to the news in the United States lately, our privacy is under constant attack. Having full disk encryption available can no longer be considered a feature, it's a security flaw without it. This is my favorite distribution, but I can no longer accept this omission. I'm switching back to a Debian install and adding the LMDE repository in the meantime.
Last edited by LockBot on Wed Dec 28, 2022 7:16 am, edited 1 time in total.
Reason: Topic automatically closed 6 months after creation. New replies are no longer allowed.
Reason: Topic automatically closed 6 months after creation. New replies are no longer allowed.
- catweazel
- Level 19
- Posts: 9763
- Joined: Fri Oct 12, 2012 9:44 pm
- Location: Australian Antarctic Territory
Re: FATAL SECURITY FLAW - Still No Full Disk Encryption
-1
The world does consist of only the United States.
The world does consist of only the United States.
"There is, ultimately, only one truth -- cogito, ergo sum -- everything else is an assumption." - Me, my swansong.
Re: FATAL SECURITY FLAW - Still No Full Disk Encryption
I agree that FDE is a must-have feature--a deal-breaker for me. I left Mint for Lubuntu and Xubuntu a year ago over this deficiency, but am now back to Mint because (a) I like Mint and (b) an encrypted LVM is easy to set up--see http://community.linuxmint.com/tutorial/view/1166 for an easy four-step process at install time.
It still strikes me as exceedingly odd that it's not a standard install option. Debian was offering this years ago.
It still strikes me as exceedingly odd that it's not a standard install option. Debian was offering this years ago.
Re: FATAL SECURITY FLAW - Still No Full Disk Encryption
I assume you mean "The world does not consist of only the United States."catweazel wrote:-1
The world does consist of only the United States.
How is this relevant?
- catweazel
- Level 19
- Posts: 9763
- Joined: Fri Oct 12, 2012 9:44 pm
- Location: Australian Antarctic Territory
Re: FATAL SECURITY FLAW - Still No Full Disk Encryption
My government doesn't spy on its own citizens like yours does. Your premise revolves around what your government does to justify full disk encryption. If you want full disk encryption, install it. Alternatively, wear a tinfoil hat.twelph wrote:I assume you mean "The world does not consist of only the United States."catweazel wrote:-1
The world does consist of only the United States.
How is this relevant?
"There is, ultimately, only one truth -- cogito, ergo sum -- everything else is an assumption." - Me, my swansong.
Re: FATAL SECURITY FLAW - Still No Full Disk Encryption
Because my country is the only country to do this, and your country could never possibly do this? Am I being called paranoid for requesting something that is becoming standard in most distributions and required by many businesses? Since when did implementing best security practices equate to tinfoil hat?catweazel wrote:My government doesn't spy on its own citizens like yours does. Your premise revolves around what your government does to justify full disk encryption. If you want full disk encryption, install it. Alternatively, wear a tinfoil hat.twelph wrote:I assume you mean "The world does not consist of only the United States."catweazel wrote:-1
The world does consist of only the United States.
How is this relevant?
- catweazel
- Level 19
- Posts: 9763
- Joined: Fri Oct 12, 2012 9:44 pm
- Location: Australian Antarctic Territory
Re: FATAL SECURITY FLAW - Still No Full Disk Encryption
Would you like me to report you to the moderators for trolling?twelph wrote:B<snip>
A simple yes or no will do.
"There is, ultimately, only one truth -- cogito, ergo sum -- everything else is an assumption." - Me, my swansong.
Re: FATAL SECURITY FLAW - Still No Full Disk Encryption
Yes please. I obviously don't understand the term trolling, and would like a moderator to clarify it for me. Wikipedia must not have all the answers: https://en.wikipedia.org/wiki/Troll_%28Internet%29catweazel wrote:Would you like me to report you to the moderators for trolling?twelph wrote:B<snip>
A simple yes or no will do.
I guess someone needs to add "having a disagreement" to that page.
Last edited by twelph on Mon Jun 10, 2013 2:40 am, edited 1 time in total.
Re: FATAL SECURITY FLAW - Still No Full Disk Encryption
FDE is neither the only one mean to protect your data privacy nor sufficient by itself to (try to) achieve this goal. If FDE were an installation option it would be fine, of course, but making it mandatory may kill the performances of many older computers.
Re: FATAL SECURITY FLAW - Still No Full Disk Encryption
No one made any mention of making it mandatory. Only that the distribution has it as an option.eanfrid wrote:FDE is neither the only one mean to protect your data privacy nor sufficient by itself to (try to) achieve this goal. If FDE were an installation option it would be fine, of course, but making it mandatory may kill the performances of many older computers.
Re: FATAL SECURITY FLAW - Still No Full Disk Encryption
Sorry, but "FATAL SECURITY FLAW" and "full disk encryption available can no longer be considered a feature" told me that you did absolutely not consider FDE as an option.
Re: FATAL SECURITY FLAW - Still No Full Disk Encryption
Notice the very important word that I bolded.eanfrid wrote:Sorry, but "FATAL SECURITY FLAW" and "full disk encryption available can no longer be considered a feature" told me that you did absolutely not consider FDE as an option.
Re: FATAL SECURITY FLAW - Still No Full Disk Encryption
I do agree that LMDE should include FDE as an option for the the installation but IMO this forum isn't the right place. this is a forum mostly for "MINT USER", not "MINT DEVS". if you have any idea/suggestion then I believe the correct place should be here --> http://community.linuxmint.com/I'm switching back to a Debian install and adding the LMDE repository in the meantime.
Re: FATAL SECURITY FLAW - Still No Full Disk Encryption
Lively debate is fine but lets not have a flame war
Thanks
Thanks
-
- Level 6
- Posts: 1491
- Joined: Fri Feb 22, 2013 5:18 pm
- Location: United States
A (Somewhat) Lengthy Reply
Without trying to fan any flames, and meaning no disrespect to any individuals or countries:Oscar799 wrote:Lively debate is fine but lets not have a flame war
Thanks
I think it not at all unlikely that the US government devotes at least as many resources toward spying(?), collecting data on, et cetera the citizens - and governments - of other countries as it does on the same activities domestically.
For one, there'd be less (US) laws to have to circumvent (or would have before the P Act was passed, I suppose).
Then there are articles such as this one
Code: Select all
http://www.independent.co.uk/news/uk/politics/prism-scandal-foreign-secretary-william-hagues-vagueness-on-us-spying-fails-to-reassure-mps-and-public-over-covert-gchq-deal-with-nsa-8651896.html
I once read that the US government picked up a sizable portion of the expenses that the telephone companies incurred in spreading the telephone and its infrastructure to other countries because it was a device that made it easier to spy on people. That's probably not true. Probably.
(Finally, it seems logical - at least at this point in time - that there are more non-US entities wishing to do harm to the US than there are US entities wishing to do so. Or, at least, both wishing to and likely to, lol; as someone once stated, "Americans are likely to b!tch and moan... but others are just as likely to quietly reach for the nearest rock.")
That's got me wondering... Which country's random citizen is most likely to be spied upon? And which country's random citizen is most likely to be spied upon by the United States government? (Those questions may well have two different answers, lol.)
- - - - -
DISCLAIMERS:
I am a US citizen.
While I am not thrilled - to put it mildly - about the thought of my government spying on me (or any of my fellow citizens), I seriously doubt that it's a new phenomenon. I'm guessing that governments have been spying - on everyone that they could - since the first minute after the first ever government was formed on this planet. While there may have been a government that did not, any such government probably did not last long enough to leave its mark on history.
I debated posting this for fear that it might be thought to be off-topic; but the fact that a moderator cautioned us to avoid flaming each other but did not at the same time state that the thread was in danger of - or already had - going/gone off-topic, coupled with the fact that ~16.6% of the OP's sentences mentioned a government spying, led me to believe that it would be acceptable to post it.
- - - - -
Somewhat(?) more on-topic content: I think that having an option of full-drive encryption is an idea that has merit. But I do question whether or not such a thing should rightly be the responsibility of those who provide us with our OS. It seems to me that such a thing should be... well... again, meaning no disrespect, but not tied to the OS in any way, shape, or form, and that it ought to be done on a "lower level," just as certain things are done that way, such as much of what is already addressed between the time the user presses the power button and the OS boots. Perhaps somewhere between the "BIOS routines" (I know that's not a technically-accurate term) and the initial boot menu or OS boot phase, perhaps in the BIOS, perhaps even before that.
One last thing to think about (may or may not be off-topic): To everyone that is worried about the NSA and its activities, are you using a distro or kernel (which would be every one from 2.6.0-test3 and above, I believe) that includes Security-Enhanced Linux (SELinux), lol? If so, just who do you think was the original primary developer of it and released it to the open source community in the first place? And do you suppose that the entity that created - and released - it would have done so without either a backdoor, the power to make the "security" in SELinux transparent, or both? Think about it...
EDIT: I meant to include a link to the Wikipedia article on SELinux for those who have never heard the term:
Code: Select all
http://en.wikipedia.org/wiki/Security-Enhanced_Linux
MDM
PS While some level of 'paranoia" is probably healthy for everyone (and it is up to each individual to decide what the proper level is), I have always thought that the one thing that "wearing a tinfoil hat" guarantees... Is to make one much easier to pick out of a crowd, lol.
EDIT: While I'm thinking about it, those of you in the audience who are concerned about (any entity) spying, collecting data, and/or profiling you: How many of you run use a web browser without a good script-blocker installed, therefore allowing every website you visit to run any script it wishes on your computer? How many of you encrypt the signals between your computer and your wireless router? And how many of you use (any facet of) Google? If you think about it, the situation where full-disk/drive encryption is useful is one in which an adversary(?) actually has physical possession of your hard drive - but these other things require no such possession of your hardware.
Mint 18 Xfce 4.12.
If guns kill people, then pencils misspell words, cars make people drive drunk, and spoons made Rosie O'Donnell fat.
If guns kill people, then pencils misspell words, cars make people drive drunk, and spoons made Rosie O'Donnell fat.
FLOSS LUKS/LVM2 installer for LMDE
Just to get back on topic: feel free to contribute/fork this LUKS/LVM2 installer for LMDE. I'd definitely like to see the "real" LMDE installer provide this functionality.
Re: FATAL SECURITY FLAW - Still No Full Disk Encryption
I must agree. FDE should be listed on installer as an option.
Re: FATAL SECURITY FLAW - Still No Full Disk Encryption
Is it possible to finance a bounty for this feature ?
Re: FATAL SECURITY FLAW - Still No Full Disk Encryption
I know bumping is not very kind but I don't see any about this topic. There are several (not very friendly) outdated how-to about FDE on old version of Mint. There is also a feature request (http://community.linuxmint.com/idea/view/2144) with 'Selected' status.
Is there any news about full disk encryption in default installer for Linux Minut Debian ?
Is there any news about full disk encryption in default installer for Linux Minut Debian ?