On 01/31/2012 04:52 PM, Anders Johansson wrote:
On Tuesday 31 January 2012 15:14:30 Tim Serong wrote:
The story is different if you specifically encrypt a file with GPG (or whatever) then copy that encrypted file elsewhere.
This is an important difference between block-level and file-level operations.
You really don't want to have file level encryption on your entire /home. You would need to enter your encryption key every time a file was opened. Once for .bashrc, once for .bash_history, once for .profile etc etc etc.
A scheme like that would last exactly 5.4 seconds, then you'd reformat with something sane
Good point :) It's worth mentioning, you can (or should be able to somehow - I haven't tried lately) do block-level encryption on an external hard disk, same as you can for a disk/partition that's physically inside your system. So, backup files to the encrypted block device from your encrypted /home partition, and life is (or should be) good/sane. Cheers, Tim -- Tim Serong Senior Clustering Engineer SUSE tserong@suse.com -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org