Mailinglist Archive: opensuse (1188 mails)
| < Previous | Next > |
Fwd: Re: [opensuse] Cautionary tale re encrypted HOME directory
- From: Tim Serong <tserong@xxxxxxxx>
- Date: Tue, 31 Jan 2012 17:40:36 +1100
- Message-id: <4F278CE4.9090909@suse.com>
Oops, didn't reply to list.
-------- Original Message --------
Subject: Re: [opensuse] Cautionary tale re encrypted HOME directory
Date: Tue, 31 Jan 2012 17:39:52 +1100
From: Tim Serong <tserong@xxxxxxxx>
To: Basil Chupin <blchupin@xxxxxxxxxxxx>
On 01/31/2012 05:27 PM, Basil Chupin wrote:
Off the top of my head - you'd probably have to reformat/repartition it.
I don't know if there's an option to encrypt an existing volume. The
yast partitioner applet(?) should give you an "encrypt volume" option
when creating a new partition.
HTH,
Tim
--
Tim Serong
Senior Clustering Engineer
SUSE
tserong@xxxxxxxx
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse+owner@xxxxxxxxxxxx
-------- Original Message --------
Subject: Re: [opensuse] Cautionary tale re encrypted HOME directory
Date: Tue, 31 Jan 2012 17:39:52 +1100
From: Tim Serong <tserong@xxxxxxxx>
To: Basil Chupin <blchupin@xxxxxxxxxxxx>
On 01/31/2012 05:27 PM, Basil Chupin wrote:
On 31/01/12 17:02, Tim Serong wrote:
On 01/31/2012 04:52 PM, Anders Johansson wrote:
On Tuesday 31 January 2012 15:14:30 Tim Serong wrote:
The story is different if you specifically encrypt a file with GPG (or
whatever) then copy that encrypted file elsewhere.
This is an important difference between block-level and file-level
operations.
You really don't want to have file level encryption on your entire
/home. You
would need to enter your encryption key every time a file was opened.
Once for
.bashrc, once for .bash_history, once for .profile etc etc etc.
A scheme like that would last exactly 5.4 seconds, then you'd
reformat with
something sane
Good point :)
It's worth mentioning, you can (or should be able to somehow - I
haven't tried lately) do block-level encryption on an external hard
disk, same as you can for a disk/partition that's physically inside
your system. So, backup files to the encrypted block device from your
encrypted /home partition, and life is (or should be) good/sane.
I like this idea very much.
Can you suggest how this could be achieved considering that I am using
an external USB HDD which, at the moment, is totally formatted in ntfs
(Ok, no drama in splitting it into 2 halves as before with 50% ntfs and
50% ext4)? Thanks muchly.
Off the top of my head - you'd probably have to reformat/repartition it.
I don't know if there's an option to encrypt an existing volume. The
yast partitioner applet(?) should give you an "encrypt volume" option
when creating a new partition.
HTH,
Tim
--
Tim Serong
Senior Clustering Engineer
SUSE
tserong@xxxxxxxx
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse+owner@xxxxxxxxxxxx
| < Previous | Next > |