[Gllug] Encryption advice appreciated.
Formi
rcarrera at formi.org.uk
Wed Sep 19 13:00:43 UTC 2001
On Wed, 19 Sep 2001, David Damerell wrote:
Sounds good, I will be a bit out of my waters trying that,
but I will put a brave face to it. :-)
Being a laptop, the difficulty you mention is a blessing. I mean having
to mount by hand and supplying the password.
I don't need a normal backup procedure, because everything that
goes to the thinkpad is duplicated on the fly in my desktop via
nfs.
It wouldn't be a bad idea if all distros provided the option to
do this kind of thing with different levels of security/performance.
Thanks for the advice.
Formi.
> On Wednesday, 19 Sep 2001, Formi wrote:
> [encrypted home directory]
> > All this means that I am still open to advice, one thing, yes I will
> > be having a different partition for my home directory, and performance
> > issues are more important than the level of security.
>
> Well, I encrypt my home directory at home, after a friend of mine was
> (wrongly) accused of a crime and had his machines seized. There's an
> encryption patch out there for the kernel; apply that, compile in some
> encryption methods (I use Blowfish) and support for the loopback
> interface.
>
> Then to work with a particular partition do a 'losetup -e blowfish
> /dev/loop0 /dev/hda1' (or whatever's appropriate); supply a passphrase
> if it's your first time using it; mke2fs a filesystem on it (i.e. on
> /dev/loop0), mount it, whatever. In the long term you may want an
> /etc/fstab entry like this;
> /dev/hdc1 /home ext2 defaults,loop=/dev/loop1,encryption=blowfish,errors=remount-ro 0 0
>
> Difficulties; your machine asks you for a passphrase at boot time
> (unless you don't mount the partition automatically), so cannot boot
> unattended. You cannot back up your machine in a straightforward
> fashion without losing any security you have gained. Unless you run
> without swap, the spooks can probably recover some data from your
> swap partition.
>
>
--
God doesn't exist, if he ever had, he'd have had committed suicide.
--
Gllug mailing list - Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug
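
The swap caveat in the quoted reply can be checked mechanically. The following is an added example, not part of the original thread: a shell script that lists fstab entries using the `encryption=` loop option shown in the post and flags active swap alongside them. The function names and the sample fstab and /proc/swaps contents are constructed for illustration.

```shell
#!/bin/sh
# Added example. Function names and sample data are constructed.

# Print "mountpoint cipher" for each fstab entry with an encryption= option
# (the loop-device style used in the post's /etc/fstab line).
encrypted_mounts() {
    awk '$1 !~ /^#/ && NF >= 4 {
        n = split($4, opt, ",")
        for (i = 1; i <= n; i++)
            if (opt[i] ~ /^encryption=/)
                print $2, substr(opt[i], 12)
    }' "$1"
}

# Print each active swap device from a /proc/swaps-format file (line 1 is a header).
active_swap() {
    awk 'NR > 1 && NF >= 1 { print $1 }' "$1"
}

# Return 1 when encrypted mounts coexist with active swap, which can hold
# plaintext pages from files on those mounts; return 0 otherwise.
swap_exposure() {
    enc=$(encrypted_mounts "$1")
    swp=$(active_swap "$2")
    if [ -n "$enc" ] && [ -n "$swp" ]; then
        echo "WARNING: encrypted mount(s) [$enc] with active swap [$swp]"
        return 1
    fi
    echo "OK: no encrypted mount exposed to swap"
}

# Constructed sample inputs so the script runs offline.
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
SAMPLE_FSTAB="$SAMPLE_DIR/fstab"
SAMPLE_SWAPS="$SAMPLE_DIR/swaps"
cat > "$SAMPLE_FSTAB" <<'EOF'
# constructed fstab
/dev/hda2 / ext2 defaults,errors=remount-ro 0 1
/dev/hdc1 /home ext2 defaults,loop=/dev/loop1,encryption=blowfish,errors=remount-ro 0 0
/dev/hda3 none swap sw 0 0
EOF
cat > "$SAMPLE_SWAPS" <<'EOF'
Filename   Type       Size    Used  Priority
/dev/hda3  partition  262136  1024  -1
EOF

encrypted_mounts "$SAMPLE_FSTAB"
swap_exposure "$SAMPLE_FSTAB" "$SAMPLE_SWAPS" || true
```

On a real system, pass /etc/fstab and /proc/swaps as the two arguments to `swap_exposure`.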