From mboxrd@z Thu Jan  1 00:00:00 1970
From: markus reichelt <ml@bitfalle.org>
Subject: Re: linuxsingle
Date: Sun, 17 Apr 2005 00:08:23 +0200
Message-ID: <20050416220823.GB30465@dantooine>
References: <20050410042036.86859.qmail@web52908.mail.yahoo.com> <1113446597.7012.64.camel@localhost.localdomain> <Pine.LNX.4.58.0504140720210.7068@yossarian.aniota.net> <1113489280.7012.71.camel@localhost.localdomain> <Pine.LNX.4.58.0504151823190.22665@yossarian.aniota.net>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="aM3YZ0Iwxop3KEKx"
Return-path: <linux-admin-owner@vger.kernel.org>
Content-Disposition: inline
In-Reply-To: <Pine.LNX.4.58.0504151823190.22665@yossarian.aniota.net>
Sender: linux-admin-owner@vger.kernel.org
List-Id: <linux-admin.vger.kernel.org>
To: linux-admin <linux-admin@vger.kernel.org>


--aM3YZ0Iwxop3KEKx
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

terry white <twhite@aniota.com> wrote:
> on "4-14-2005" "Michael H. Warfield" writ:
>=20
> :    On Thu, 2005-04-14 at 07:25 -0700, terry white wrote:
> : >      "CD-Rs deliver degrading experience
>=20
> : 	Didn't claim that it was.  Neither are flash drives ---
>=20
>    the number of things you did not "claim" is limited only, by the
> reader's knowledge set.  so, that is not a consideration here.

I was going to mention the use of hard encryption as well (loop-aes,
not the kernel stuff; maybe a most recent kernel with dm-crypt).
Still, the implemented encryption schemes completely lack the ability
to check for tampering. That might backfire, but the chances for that
are pretty slim; nevertheless, that possibility exists.=20

So instead of safe-guarding the machine at all times (by whatever
means), I guess encryption is the best shot.


>     what is, is "knowing" cd-r media has a finite shelf life after
> being written.  i "did not" assume the entire readership aware
> of that limitation, so thought its mention a good idea ...

True to mention, not only for very sensitive data like encryption
keys. Having had some nightmares because of faulty backup media, let
me stress that one just can't be paranoid enough when it comes to
backups.

--=20
Bastard Administrator in $hell


--aM3YZ0Iwxop3KEKx
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQFCYYzXLMyTO8Kj/uQRAoY7AJ4nfU1sUkNdtvU9C6+EF60FP92AkgCfRqch
vhq0HlrEzgIA6GsRQAaDGe8=
=9xlo
-----END PGP SIGNATURE-----

--aM3YZ0Iwxop3KEKx--