On Sun, Sep 11, 2011 at 02:23:37PM +0100, Jon Dowland wrote:
I think it would be wonderful to have such ease-of-use $HOME
encryption in Debian. Ubuntu's scheme uses ecryptfs. Before I begin
looking into how best I might help work towards this, I was wondering
if experienced people could
On Sun, Sep 11, 2011 at 10:46:41PM +0200, intrigeri wrote:
E.g. data may be written in cleartext swap, in hibernation images,
temporary data may be written at various places on disk that are not
in $HOME: cups spool, /var/tmp, etc.
That's true. But there are varying levels of risk: a
On Tue, Sep 13, 2011 at 09:14:39PM +0100, Jon Dowland wrote:
[...]
Can we make full-disk encryption more convenient?
[...]
I'm not sure it could be any more convenient than it already is to
configure, at least as far as D-I is concerned. It has a
partitioning option or two which are guided with
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hey list,
Thanks to Jon for raising the topic on this list. It would be great to
enhance the disk encryption support in Debian(-Installer).
Am 13.09.2011 22:14, schrieb Jon Dowland:
On Sun, Sep 11, 2011 at 10:46:41PM +0200, intrigeri wrote:
E.g.
Le mardi 13 septembre 2011 à 21:14 +0100, Jon Dowland a écrit :
For a single-user system, is it possible to pass through the decryption
password to later processes, to avoid needing to provide another password to
log in? I know you could set your display manager to auto-login, but that
On 12/09/11 06:50 +0200, martin f krafft wrote:
also sprach intrigeri intrigeri+debian-de...@boum.org [2011.09.11.2246 +0200]:
The d-i already supports easy *full* system encryption, swap
included.
I think this is what people should be using, not a high-level hack
like ecryptfs.
There might
also sprach Rolf Kutz r...@vzsze.de [2011.09.12.0941 +0200]:
There might be different use cases. An encrypted /home can still
be backuped easily by administrators without being able to see
inside.
True. At the same time, it exposes quite a lot of information, e.g.
structure of the tree. I
On 12/09/11 10:12 +0200, martin f krafft wrote:
[ecryptfs as /home]
True. At the same time, it exposes quite a lot of information, e.g.
structure of the tree. I don't know how much of that could be used
in a plain-text attack.
Ack.
Note, however, that I don't really know ecryptfs. I only
Hi there!
On Mon, 12 Sep 2011 06:50:29 +0200, martin f krafft wrote:
also sprach intrigeri intrigeri+debian-de...@boum.org [2011.09.11.2246
+0200]:
The d-i already supports easy *full* system encryption, swap
included.
I think this is what people should be using, not a high-level hack
On 2011-09-12, Luca Capello l...@pca.it wrote:
On Mon, 12 Sep 2011 06:50:29 +0200, martin f krafft wrote:
also sprach intrigeri intrigeri+debian-de...@boum.org [2011.09.11.2246
+0200]:
The d-i already supports easy *full* system encryption, swap
included.
I think this is what people should
Hi there!
On Mon, 12 Sep 2011 10:54:00 +0200, Philipp Kern wrote:
On 2011-09-12, Luca Capello l...@pca.it wrote:
On Mon, 12 Sep 2011 06:50:29 +0200, martin f krafft wrote:
n also sprach intrigeri intrigeri+debian-de...@boum.org [2011.09.11.2246
+0200]:
The d-i already supports easy *full*
Hey list,
Am 12.09.2011 12:55, schrieb Luca Capello:
On Mon, 12 Sep 2011 10:54:00 +0200, Philipp Kern wrote:
On 2011-09-12, Luca Capello l...@pca.it wrote:
On Mon, 12 Sep 2011 06:50:29 +0200, martin f krafft wrote:
n also sprach intrigeri intrigeri+debian-de...@boum.org [2011.09.11.2246
Hi there!
On Mon, 12 Sep 2011 13:05:38 +0200, Jonas Meurer wrote:
Am 12.09.2011 12:55, schrieb Luca Capello:
[TRIM support for dm-crypt merged into Linux 3.1]
Something I completely forgot in my first email, which is the real
question: are my data as much secure with SSD TRIM as without?
No,
On Mon, Sep 12, 2011 at 09:41:12AM +0200, Rolf Kutz wrote:
[...]
An encrypted /home can still be backuped easily by administrators
without being able to see inside.
An administrator (assuming by administrator you mean root or an
account with access to root-level privs) can easily trojan the
I like encrypted $HOME and making the use of them as easy for people
as possible.
On creation of the first user, Ubuntu's installer offers a checkbox
labelled something like Encrypt the user's files. That's it: just
one check-box. If set, upon login, a PAM module unlocks and mounts a
loopback
Hi,
Jon Dowland wrote (11 Sep 2011 13:23:37 GMT) :
I like encrypted $HOME and making the use of them as easy for people
as possible.
So do I.
However, before we go deep into implementation details, I need to ask
what kind of usecase(s) and threat model(s) you have in mind and are
trying to
also sprach intrigeri intrigeri+debian-de...@boum.org [2011.09.11.2246 +0200]:
The d-i already supports easy *full* system encryption, swap
included.
I think this is what people should be using, not a high-level hack
like ecryptfs.
However, I suppose you can only set this up during
17 matches
Mail list logo