Hello,

On Sunday, 5 June 2005 06:44, Ciro Iriarte wrote:
[encrypted filesystem]
> Thanks a lot, I'll try it

Some notes about security:

Avoid suspend to disk - the password of the encrypted partition will be written to swap (in clear text!) - you don't need to type it at resume. (You can avoid this by unmounting the encrypted partition before suspend.)

Put /tmp and /var (with symlinks) onto your encrypted partition to avoid unencrypted tempfiles, MySQL databases, ... with private data [1]. Please note that you _have to_ mount the encrypted partition on boot, otherwise many applications will fail (because they cannot create tempfiles or open something in /var/).

If you are really paranoid ;-) read /usr/share/doc/howto/en/html/Encrypted-Root-Filesystem-HOWTO/

It's also possible to have encrypted swap, but I haven't tested this yet ;-) (If you are interested, just ask. I'll translate the mail I've recently seen in suse-laptop.)

About performance: I didn't experience a noticeable performance loss in my daily work. Maybe it's slightly different when working with really large files (like disk images), but usually the hard disk performance (and not the CPU for encryption/decryption) is the limiting factor.

Regards,

Christian Boltz

[1] given you encrypt /home:
- /tmp can be a symlink to /home/tmp
- most directories in /var can be symlinks to /home/var/$dirname (except /var/log, /var/lock and /var/run which would need more tuning ;-)

This is how it looks on my system:

# ls -l /tmp /var
lrwxrwxrwx   1 root root   10 2005-05-06 18:55 /tmp -> /home/tmp//

/var:
lrwxrwxrwx   1 root root   17 2005-05-06 21:08 account -> /home/var/account/
lrwxrwxrwx   1 root root   13 2005-05-06 21:08 adm -> /home/var/adm/
lrwxrwxrwx   1 root root   15 2005-05-06 21:08 cache -> /home/var/cache/
lrwxrwxrwx   1 root root   13 2005-05-06 21:08 cvs -> /home/var/cvs/
lrwxrwxrwx   1 root root   15 2005-05-06 21:08 games -> /home/var/games/
lrwxrwxrwx   1 root root   13 2005-05-06 21:08 lib -> /home/var/lib/
drwxrwxr-t   4 root uucp 4096 2005-06-05 10:20 lock/
drwxr-xr-x   9 root root 4096 2005-06-05 10:02 log/
lrwxrwxrwx   1 root root   14 2005-05-06 21:08 mail -> /home/var/mail/
lrwxrwxrwx   1 root root   13 2005-05-06 21:08 opt -> /home/var/opt/
drwxr-xr-x  17 root root 4096 2005-06-05 10:02 run/
lrwxrwxrwx   1 root root   15 2005-05-06 21:08 spool -> /home/var/spool/
lrwxrwxrwx   1 root root   13 2005-05-06 21:08 tmp -> /home/var/tmp/
lrwxrwxrwx   1 root root   15 2005-05-06 21:08 X11R6 -> /home/var/X11R6/
lrwxrwxrwx   1 root root   12 2005-05-06 21:08 yp -> /home/var/yp/

-- 
The next DAU (dumbest assumable user) is sure to come. They are bred in the cellars of AOL. [Dieter Bruegmann in dag°]
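
Added example (not part of the original mail): a small check for the symlink layout from footnote [1], listing which of /tmp and the /var directories still resolve to a location outside the encrypted partition. The function names and the demo tree are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original mail. Function names are hypothetical.

# resolve DIR: print the physical path of DIR with all symlinks followed.
resolve() {
    (cd "$1" 2>/dev/null && pwd -P)
}

# unencrypted_dirs ROOT ENC
# Checks ROOT/tmp and every directory in ROOT/var; prints those whose real
# location is not below ENC (the mount point of the encrypted partition).
unencrypted_dirs() {
    root=$1
    enc=$(resolve "$2") || return 2
    for d in "$root/tmp" "$root"/var/*; do
        [ -d "$d" ] || continue
        real=$(resolve "$d") || continue
        case "$real/" in
            "$enc"/*) ;;                        # data lands on the encrypted partition
            *) printf '%s\n' "${d#"$root"}" ;;  # still written in the clear
        esac
    done
}

# make_demo_tree: build a constructed tree shaped like the listing in the mail
# (tmp and most of var symlinked into home; lock, log and run left in place).
make_demo_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/home/tmp" "$t/var/lock" "$t/var/log" "$t/var/run"
    ln -s "$t/home/tmp" "$t/tmp"
    for n in cache lib spool tmp; do
        mkdir -p "$t/home/var/$n"
        ln -s "$t/home/var/$n" "$t/var/$n"
    done
    printf '%s\n' "$t"
}

demo=$(make_demo_tree)
unencrypted_dirs "$demo" "$demo/home"   # prints /var/lock, /var/log, /var/run
rm -rf "$demo"
```

On a real system the call would be `unencrypted_dirs / /home`; seeing /var/log, /var/lock and /var/run in the output matches the exceptions named in footnote [1].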