![]() ![]() On or you share your computer with other users, then you could have home in aĭifferent partition from / and use ecryptfs along full disk encryption(that is encryption of / through LUKS) FULL DISK ENCRYPTION AND HOME ECRYPTFS ENCRYPTION: If you're worried about your private data being read while your pc is.So much) you can use full disk encryption and put home in the same Handle the overhead of full disk encryption (all modern desktops canĭo that without the user noticing, netbooks and old laptops not FULL DISK ENCRYPTION ONLY: If you're the only one using your computer and your machine can.Here's a list of possible set-ups, depending on different security needs: So, full disk encryption and home encryption are not necessarily mutually exclusive. If your system is to be shared between multiple users, this is a very nice feature to have even if you decide to add full disk encryption along with this: the safety of Full disk encryption is off when the machine is up and running while home (ecryptfs) encryption is On as long as you're logged out. The only information leak is: filesize, timestamps and number of files (with full disk encryption these are hidden as well). They look like a bunch of scrabbled/random files since filenames are encrypted as well. When you log out /home/username is unmounted and only the encrypted files remain visible in the system (usually in /home/.ecryptfs/username/.Private/). It is very well done and tightly knitted into the default auth system so that you'll have zero usability drawbacks: when you enter your account (either from a remote shell or from the default login screen) your password is used to unwrap a secure key, which is then used to encrypt/decrypt your files in your home directory on the fly(The mounted filesystem will reside directly in /home/username). just /home?Įncryption in /home is done using a user space filesystem called ecryptfs. Follow up question: what are up and downsides of full disk vs. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |