View previous topic :: View next topic |
Author |
Message |
dolphinaura Tux's lil' helper
Joined: 13 Jul 2010 Posts: 145
|
Posted: Tue Feb 01, 2011 6:07 pm Post subject: Encrypting home folder. |
|
|
Om interested in encrypting my home folder for security reasons.
I have a few questions
a) is truecrypt the best transparent (i.e. little performance loss) encryption method?
b)is there a way to automatically decrypt as soon as I login through KDM (i.e. supplying correct password in KDM decypts home folder)
c) if not truecrypt, what encryption method should I use? _________________ ------------------------
Dolphinaura
http://twitter.com/dolphinaura
http://dolphinaura.com |
|
Back to top |
|
|
monsm Guru
Joined: 26 Sep 2007 Posts: 467 Location: London, UK
|
Posted: Tue Feb 01, 2011 7:28 pm Post subject: |
|
|
Not sure about other methods, but truecrypt will allow you to select algorithm to use.
The tradeoff as always with these things are between how secure against the performance. More secure, more CPU goes to encrypt/decrypt, less secure, less CPU use.
So it will also then depend on what sort of hardware you have. Do some googling of algorithms and performance.
Mons |
|
Back to top |
|
|
keba Guru
Joined: 02 Jun 2006 Posts: 328 Location: Switzerland
|
Posted: Wed Feb 02, 2011 12:02 pm Post subject: |
|
|
I wanted to do something similar on my laptop to be safe in case of a theft. But because of performance, I was thinking about only encrypting 3 folders.
I want my emails and addressbook to be secure, as well as 1 folder with important files: .kde4/share/apps/kmail, .kde4/share/apps/kabc and a folder encrypted (where I'll put all files that are private)
Now I'm not sure if this is possible, but I'd mount these 3 folders into another one, and instead of having the folders (like .kde4/share/apps/kmail), I'd have symlinks pointing to the mounted encrypted folder. Anyway, that's my plan, but I haven't tried it yet. I hope that gives you an idea... And I'm not entirely sure yet myself whether to use truecrypt or an encrypted partition with these files on it, using some other linux method. |
|
Back to top |
|
|
forrestfunk81 Guru
Joined: 07 Feb 2006 Posts: 565 Location: münchen.de
|
Posted: Wed Feb 02, 2011 1:00 pm Post subject: |
|
|
I encrypted my partitions with cryptsetup-luks. You can find how-to's on the gentoo-wiki. To auto decrypt your partitions on login you can use sys-auth/pam_mount. Its also descripted in the wiki article. The wiki article is also about encrypting your root partition, but you can filter the importent stuff out. _________________ # cd /pub/
# more beer |
|
Back to top |
|
|
dolphinaura Tux's lil' helper
Joined: 13 Jul 2010 Posts: 145
|
Posted: Wed Feb 02, 2011 6:54 pm Post subject: |
|
|
finally decided to do it with encfs.
quite easy, and I don't need to encrypt the whole partition.
oh, and btw, the wiki is missing a step for the pam automount
you have to add the pam_mount.so to /etc/pam.d/system-auth
For future reference, these edits need to be made.
/etc/pam.d/system-auth
Code: |
#under (auth) pam_unix.so
auth optional pam_mount.so
#under (session) pam_unix.so
session optional pam_mount.so
|
_________________ ------------------------
Dolphinaura
http://twitter.com/dolphinaura
http://dolphinaura.com |
|
Back to top |
|
|
|