Encrypted home directory

Eric Christensen eric at christensenplace.us
Tue Dec 23 12:42:00 UTC 2008


Ralf Ertzinger wrote:
> Hi.
> 
> On Tue, 23 Dec 2008 10:30:31 +0200, Nikolay Vladimirov wrote:
> 
>> Ok. I'm not really sure about this but I think that full disk
>> encryption on a software level
>> with a key strong enough will bring some performance loss. And some
>> people just want
>> some confidential files to be encrypted.
> 
> I'm running full-LV encryption for /home (and some other directories) in
> my laptop, and the performance loss is nonexistent for me. Getting the
> bits off the rotating rust takes quite longer than decrypting them.
> 
> After all, all the cores in that thing have to be good for something.
> 
> (Core Duo, 1.6GHz)
> 
I've been running full disk encryption via LUKS since F8 with a 6 year
old laptop.  I don't see any noticeable performance loss.

Just to comment on the whole disk versus just a folder in the /home,
Windows did the same thing a number of years ago on XP (and since I
believe but I don't know).  You could select a folder and "encrypt" it.
The crypto implementation was horrible and when people actually used it
they never realized that they weren't getting ALL the sensitive data
encrypted.  There will always be a cache or tmp file lying around in
the clear that will contain sensitive information.

The DoD didn't like the use of the folder level encryption and has since
mandated full disk encryption for all portable devices.  It saves the
user from trying to figure out what is sensitive and what needs to be
encrypted and breaking their storage schema just to put a specific file
into a specific folder.  The user will ALWAYS miss something and will
ALWAYS be left vulnerable.

Thanks,
Eric Christensen
E-Mail: sparks at fedoraproject.org
GPG Key: D74908ED




More information about the fedora-devel-list mailing list
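
The message above argues that encrypting only a folder leaves cache, tmp and swap data in the clear. The following check is an added example, not part of the original post: it reads `lsblk -P -o KNAME,PKNAME,TYPE,MOUNTPOINT` output and reports whether /home, /tmp, /var/tmp and each swap device sit on a dm-crypt mapping. The sample listing is constructed, and tmpfs mounts (not block devices) are outside what it sees.

```python
import re

# Constructed sample of `lsblk -P -o KNAME,PKNAME,TYPE,MOUNTPOINT` output:
# only /home is on a LUKS (dm-crypt) mapping; / and swap are plain partitions.
SAMPLE = '''\
KNAME="sda" PKNAME="" TYPE="disk" MOUNTPOINT=""
KNAME="sda1" PKNAME="sda" TYPE="part" MOUNTPOINT="/"
KNAME="sda2" PKNAME="sda" TYPE="part" MOUNTPOINT="[SWAP]"
KNAME="sda3" PKNAME="sda" TYPE="part" MOUNTPOINT=""
KNAME="dm-0" PKNAME="sda3" TYPE="crypt" MOUNTPOINT="/home"
'''

def parse(text):
    """One dict per lsblk line (a device with several parents has several lines)."""
    return [dict(re.findall(r'(\w+)="([^"]*)"', ln)) for ln in text.splitlines() if ln.strip()]

def is_encrypted(kname, rows):
    """True if the device is a dm-crypt mapping, or every parent below it is encrypted."""
    mine = [r for r in rows if r["KNAME"] == kname]
    if any(r["TYPE"] == "crypt" for r in mine):
        return True
    parents = {r["PKNAME"] for r in mine if r["PKNAME"]}
    return bool(parents) and all(is_encrypted(p, rows) for p in parents)

def backing_device(path, rows):
    """Row whose mountpoint is the longest prefix of path (block devices only)."""
    best = None
    for r in rows:
        mp = r["MOUNTPOINT"]
        if mp.startswith("/") and (path == mp or path.startswith(mp.rstrip("/") + "/")):
            if best is None or len(mp) > len(best["MOUNTPOINT"]):
                best = r
    return best

def audit(text, paths=("/home", "/tmp", "/var/tmp")):
    """Map each path and each active swap device to True (encrypted) or False."""
    rows = parse(text)
    report = {}
    for p in paths:
        dev = backing_device(p, rows)
        report[p] = bool(dev) and is_encrypted(dev["KNAME"], rows)
    for r in rows:
        if r["MOUNTPOINT"] == "[SWAP]":
            report["swap:" + r["KNAME"]] = is_encrypted(r["KNAME"], rows)
    return report

if __name__ == "__main__":
    for target, ok in audit(SAMPLE).items():
        print(f"{target:12} {'encrypted' if ok else 'IN THE CLEAR'}")
```

To audit a live machine, pass the output of the same `lsblk` command to `audit()` in place of `SAMPLE`.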