On Wed, Oct 29, 2008 at 09:41:36PM +0100, Almir Karic wrote: > On Wed, Oct 29, 2008 at 04:14:22PM -0400, Douglas A. Tutty wrote: > > I'll be setting up a new box for the house and I want to use OpenBSD for > > it, both for its security and since it will be an older box it will run > > better than with Debian. > > > > Roles: > > > > main firewall for dialup internet access. > > fetchmail and sendmail to ISP smarthost > > other simple stuff (have another box for insecure stuff like watching > > videos, surfing the net with javascript and flash). > > > > > > We've moved and now our main security threat is physical security. We > > don't want the data on the computer (i.e. in the /home directories) to > > be readable if someone steals the box. > > if someone knowledgeable enough has physical access to the running box, you > can't keep the data private.
If the box is running but no users are logged-in, why can't the data be encrypted and therefore private? This is my thinking about per-user home directory/partition encryption. Doug.