Ben wrote:
I need to encrypt the home folder on my laptop and desktop. I realise
there are vulnerabilities associated with not encrypting the whole
disk, but I'm willing to cope with a lower level of protection as I'm
more concerned about accidental loss or casual theft, rather than a
targetted attack.
I've spent some time looking up encryption and there doesn't seem to
be a shortage of choice.
I'm looking for a recommendation on a method that favours simplicity
and reliability (performance is not a major concern).
If you distribution ships pam_mount then it and dm_crypt work
well together to encrypt /home/$USER. I use it and it just works.
If you have a machine used mainly by you, then you can use a
real/LVM partition rather than a loopback filesystem as the
dm_crypt storage. This takes out a lot of the configuration
complexity. If you use LVM then you needn't fret about
getting the partition size wrong (although growing the
encrypted file system is more work than it should be).
You should also use dm_crypt to encrypt the swap partition,
or dd /dev/random into swap as part of your shutdown.
Bloody annoyingly the Linux suspend-to-disk has no option to
send the suspended memory through encryption before it stores
it to disk. So you can't use suspend and stay safe if someone
nicks your laptop.
--
Glen Turner Tel: (08) 8303 3936 or +61 8 8303 3936
Australia's Academic & Research Network www.aarnet.edu.au
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
