Skip to content
GitLab
Projects
Groups
Snippets
/
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Sign in
Toggle navigation
Menu
Open sidebar
open
cryptops
Commits
0253f034
Commit
0253f034
authored
Jan 04, 2018
by
Maarten de Waard
👼
Browse files
add something about unencrypted partition
parent
890ca070
Changes
1
Hide whitespace changes
Inline
Side-by-side
docs/considerations.rst
View file @
0253f034
...
...
@@ -29,26 +29,51 @@ Invalid reasons to use CryptOps
* install a modified version of CryptOps that doesn't really encrypt;
* man-in-the-middle your first ssh connection to the server running in the
initrd, capturing your encryption password when you first enter it;
* access your decrypted data in memory while your
vps
is active;
* access your decrypted data in memory while your
VPS
is active;
* various other methods.
It is very hard to prevent someone who has access (physical or via network) to
the host running your
vps
from reading your data, and CryptOps does not pretend
the host running your
VPS
from reading your data, and CryptOps does not pretend
to do so.
Possible reasons to not use CryptOps
------------------------------------
* It increases the chance of data loss: if you forget or lose your encryption
password, a single reboot of your
vps
(for whatever reason) renders your data
password, a single reboot of your
VPS
(for whatever reason) renders your data
irrecoverably lost.
* It can increase downtime of your
vps
: whenever your
vps
reboots, you need to
* It can increase downtime of your
VPS
: whenever your
VPS
reboots, you need to
become aware of this (though we have a customisable hook to notify you of this
situation), connect to the
vps
, and enter your encryption password; only then
can the boot process of the
vps
continue. All this time the service provided
by your
vps
is not running.
* You may not need full disk encryption of your
vps
: depending on the software
running on your
vps
, it could be easier to encrypt only some data directories.
situation), connect to the
VPS
, and enter your encryption password; only then
can the boot process of the
VPS
continue. All this time the service provided
by your
VPS
is not running.
* You may not need full disk encryption of your
VPS
: depending on the software
running on your
VPS
, it could be easier to encrypt only some data directories.
On the other hand, it is easy to overlook some sensitive data stored in
configuration, cache files, temporary files, etc.
What is *not* encrypted
-----------------------
The default CryptOps setup includes a small partition that contains unencrypted
data needed by the CryptOps initrd. This data contains the SSH public keys that
are used to authorise users logging into the Dropbear shell.
Note that these can be coupled to private keys on your computer, so in a sense
can be seen as identifying material. To be secure, at least always:
* Keep your private keys private! This is *very* important. They are essential
for the security of your VPS
* Think about what you enter as an identifier for your public key. The public
key is formatted as follows: ``<key-type> <public-key> <identifier>``. The
identifier will often default to your (user)name, but can be anything. If you
want to maximise anonymity, use something that you can use to identify the
key, but does not directly identify *you*.
Boot partition
++++++++++++++
Other than some laptops with full disk encryption, CryptOps does not offer an
encrypted boot partition. This is because booting a virtual machine is slightly
different from booting a laptop. Often the initrd and kernel will be provided by
the hosting provider.
Write
Preview
Supports
Markdown
0%
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment