[Gllug] Encryption advice appreciated.

David Damerell damerell at chiark.greenend.org.uk
Wed Sep 19 11:39:44 UTC 2001


On Wednesday, 19 Sep 2001, Formi wrote:
[encrypted home directory]
> All this means that I am still open to advice, one thing, yes I will
> be having a different partition for my home directory, and performance
> issues are more important than the level of security.

Well, I encrypt my home directory at home, after a friend of mine was
(wrongly) accused of a crime and had his machines seized. There's an
encryption patch out there for the kernel; apply that, compile in some
encryption methods (I use Blowfish) and support for the loopback
interface.

Then to work with a particular partition do a 'losetup -e blowfish
/dev/loop0 /dev/hda1' (or whatever's appropriate); supply a passphrase
if it's your first time using it; mke2fs a filesystem on it (i.e. on
/dev/loop0), mount it, whatever. In the long term you may want an
/etc/fstab entry like this:
/dev/hdc1 /home ext2 defaults,loop=/dev/loop1,encryption=blowfish,errors=remount-ro 0 0

Difficulties: your machine asks you for a passphrase at boot time
(unless you don't mount the partition automatically), so cannot boot
unattended. You cannot back up your machine in a straightforward
fashion without losing any security you have gained. Unless you run
without swap, the spooks can probably recover some data from your
swap partition.

-- 
David Damerell <damerell at chiark.greenend.org.uk> flcl?

-- 
Gllug mailing list  -  Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug
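
Added example (not part of the original message or of any project's code): a small fstab audit that reports the two difficulties raised above, namely encrypted loop mounts that will prompt for a passphrase at boot and swap entries that are not encrypted. The function names audit_fstab and sample_fstab are hypothetical, the sample fstab is constructed, and only the loop=/encryption= option style quoted in the message is recognised.

```shell
#!/bin/sh
# Constructed sample fstab (assumption: not taken from any real machine).
sample_fstab() {
    cat <<'EOF'
# <device> <mountpoint> <type> <options> <dump> <pass>
/dev/hda2 / ext2 defaults,errors=remount-ro 0 1
/dev/hdc1 /home ext2 defaults,loop=/dev/loop1,encryption=blowfish,errors=remount-ro 0 0
/dev/hda5 /secret ext2 noauto,loop=/dev/loop2,encryption=blowfish 0 0
/dev/hda3 none swap sw 0 0
EOF
}

# audit_fstab: read fstab-format text on stdin and print one line per finding:
#   ENCRYPTED <mountpoint> <cipher> <prompts-at-boot|manual-mount>
#   PLAINTEXT-SWAP <device>
audit_fstab() {
    awk '
        NF < 4 || $1 ~ /^#/ { next }        # skip blank, short and comment lines
        {
            dev = $1; mnt = $2; type = $3
            n = split($4, opt, ",")
            cipher = ""; boot = "prompts-at-boot"
            for (i = 1; i <= n; i++) {
                # "encryption=" is 11 characters, the cipher name follows it
                if (opt[i] ~ /^encryption=/) cipher = substr(opt[i], 12)
                # noauto entries are not mounted at boot, so no boot-time prompt
                if (opt[i] == "noauto") boot = "manual-mount"
            }
            if (cipher != "")
                print "ENCRYPTED", mnt, cipher, boot
            else if (type == "swap")
                print "PLAINTEXT-SWAP", dev   # pages from encrypted mounts can land here
        }
    '
}

# Run against the constructed sample; on a real system use: audit_fstab < /etc/fstab
sample_fstab | audit_fstab
```
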



