On Fri, Nov 17, 2006 at 11:58:53AM +0100, Andreas Jaeger wrote:
>
> FYI, here're the minutes from our discussion. I hope to see this for
> 10.3...
>
> Andreas
>
> Topic: Encrypted Home Directories
>
> * Main new feature: Per user encrypted home
>
> * Proposal:
>   - Enable per user encrypted home partitions (using pam_mount)
>   - use dm-crypt + LUKS as default instead of cryptoloop
>
> Challenges + Problems:
>
> * currently KDM accesses home directory before authentication (after
>   user name is known) to get information about the last session. With an
>   encrypted home partition this needs changes in the logic.

What about encrypting ~/Documents only per default? Other directories could be added by the user easily.
Mandriva has a very smart way and a nice GUI. The encrypted folder is loop-mounted over the same folder. So you have
/home/joe/secret (which is a dm-crypt container)
/home/joe/secret (which shows the unencrypted content after giving the right password).
Ideally Konqueror/Nautilus should ask automatically for a passphrase when clicking on an encrypted container.

Of course it would be nicer to have full /home encrypted.

>
> * For ssh-key it's a problem to read the key files since they are
>   stored in the home directory, only password authentication would
>   work.
>
> * Other programs might read the homedirectory, like procmail. We have
>   to check which other programs do this and decide how to handle this,
>   e.g. a shadow home directory (or union filesystems) for procmail,
>   secret keys...
>
> * Backup software is a challenge, users want encrypted backups.
>
> * Manually mounting via /etc/fstab is not possible currently with
>   dm-crypt, other distributions use /etc/fscrypttab or we would need
>   to extra add support to allow this with /etc/fstab.
>
>   Use-case: A separate encrypted partition with secret data that is
>   only mounted manually if needed by the user and then unmounted
>   again.
>
> * On-the-fly upgrade would be fine. Unfortunately dm-crypt uses two
>   extra blocks so this cannot be done without losing data.
>
> * 10.2 has all the basic support for dm-crypt and LUKS but it's not
>   integrated.
>
> * Linux supports only 255 loopback mounts, so this limits the
>   maximum of users that can be logged in at the same time.
>
> * FUSE and encrypted single files would be an option as well but there
>   are some drawbacks with it.
>
> * Use case: Laptop stolen or taken away. If one user is compromised,
>   not all should be compromised.
>
> * Masterkey that is encrypted by the users login, so that only one
>   password is needed to login.
>
> * screensaver issues (just close the lid)
>   What happens with a locked screen and laptop taken away still running?
>
> * suspend to disk
>   How to handle suspend to disk? Umount before suspend and remount later?
>
> Changes for this:
>
> YaST changes:
> * support dm-crypt by default for new installations in yast2-storage
> * during user creation allow creation of encrypted home directories
> * During update: Support old cryptoloop partitions and allow new
>   installations.
>
> Base system changes:
> * Using pam_mount
> * Enable dm-crypt in boot.crypto
> * Handle /etc/fstab unless to not regress
> * Migration programs to migrate from cryptoloop to dm-crypt
>
>
> Andreas
> --
> Andreas Jaeger, [EMAIL PROTECTED], http://www.suse.de/~aj/
> SUSE Linux Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany
> GPG fingerprint = 93A3 365E CE47 B889 DF7F FED1 389A 563C C272 A126
