Feature changed by: Jan Engelhardt (jengelh) Feature #312258, revision 7 Title: Ubuntu style encrypted home directories openSUSE Distribution: Unconfirmed Priority Requester: Desirable Requested by: David Nielsen (davidnielsen) Partner organization: openSUSE.org Description: Ubuntu has a very neat and useful implementation of encryption for users. Using ecryptfs they allow for each user to have his/her data encrypted without requiring one master password being entered at boot time. It is unlocked along with your regular login making it entirely seamless. It would be nice to see similar functionality easily available when creating users in openSUSE. Discussion: #1: Ralph Ulrich (ulenrich) (2011-04-26 13:05:54) I was not convinced using ecryptfs some time ago. Really large file quantities in ~user will break performance of ecryptfs. I think of a better integrated pam_mount capabilities of openSUSE at install time: Using luks extension you are able to have nearly the features of ecryptfs, but sudo users can look into all ~user. + #3: Jan Engelhardt (jengelh) (2012-05-10 06:38:13) (reply to #1) + Alternatively, encfs also comes to mind, which does not require keeping + around a non-shrinkable crypto container. (pam_mount suggests that.) #2: Ned Ulbricht (ned_ulbricht) (2011-04-26 16:15:45) Encryption is very often seen as "bolt-on" feature. You "bolt on" an encrypted filesystem and (gee-whiz presto!) now you've bolted on security. That is a classic mistake. I think it makes most sense for openSUSE to support one or more common use cases for encryption solutions. And a not-very-threatening threat model. Just for quick example: User has laptop and frequents airports and coffeeshops. Threat is opportunistic laptop thief. Attacker is sophisticated enough to use a canned program to scan through Windows FAT or NTFS volume looking for logins and credit card numbers on stolen laptops. Now we can vary that example a little bit? Supposed canned program is upgraded to handle ext{2,3,4} filesystems. The threat is still a relatively unsophisticated attacker, who uses off-the-shelf tools. Potential vulnerability is still exposure of cleartext login credentials and credit card numbers. Potential impact --while severe enough to the victim-- is not life-threatening, and probably limited to less than a million dollars financial loss. I think openSUSE can settle on a preferred stock solution for a use case/threat model (implied risk level) like that rough example. Beyond that though, I'm worried that "bolt on" encryption "solutions" substitute marketing features for necessary analysis. -- openSUSE Feature: https://features.opensuse.org/312258