Encrypted home directory
Bruno Wolff III
bruno at wolff.to
Tue Dec 23 15:29:35 UTC 2008
On Tue, Dec 23, 2008 at 16:15:06 +0200,
Nikolay Vladimirov <nikolay at vladimiroff.com> wrote:
>
> That seems reasonable. I really see two good paths to this data security thing:
> 1) Some hardware level encryption. Like in my thingpad I have some
> trusted something thingie
> and another hard drive security thing. This way there will be no
> software complications.
Becareful, some of these implementations are very poor. It might keep a
typical individual out, but not someone willing to spend a little money.
> 2) Encrypted /home since all of the user's sensitive data should be there.
That is a bad assumption.
> It's good to have some notice like "Full disk encryption is more
> secure" and "Note that some cache saved outside of the /home dir may
> be visible ( swap, /tmp, stuff)" and "Using some BIOS setting stuff is
> more secure".
What is the point? Someone has to do work to implement this. It is a poorer
solution than what already exists for at least most people.
> Some benchmarks of encrypted stuff vs non encrypted will be nice to
> know for sure about the performance loss.
It's not that high since the cpu calculations generally take less time
than pulling the info off the disk. And on modern cpus it's not that
taxing on the cpu.
> And some info in the installation media about this stuff maybe taken
> from "Security Guide" in the wiki will be nice.
There is a check box for encryption when you do an install.
> Note: I'm not very competent in this whole encryption stuff. I'm just
> offering some user point of view on this.
More information about the fedora-devel-list
mailing list