Encrypted home directory
Eric Christensen
eric at christensenplace.us
Tue Dec 23 12:29:13 UTC 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Don't we already provide a solution for this? All you have to do is
check the block when installing Fedora (ever since 9) and it will
encrypt your entire hard drive (except /boot) at AES-128 using LUKS.
The decrypting at boot up was a little clunky in F9 but F10 made it
looks nice.
Thanks,
Eric Christensen
E-Mail: sparks at fedoraproject.org
GPG Key: D74908ED
Sachin wrote:
> I had never expected so much of discussion :), which is healthy.(I had
> never thought of swap)
> But shouldn't be discussion limited to whether we can provide this
> feature or not and let the end user decide whether he wants to use it or
> not.
>
> And if he faces the problem like scalability or umounting he/she log the
> bug with upstream ..
>
> I am believe fedora is about choices and freedom.
>
>
> 2008/12/22 David Nielsen <gnomeuser at gmail.com <mailto:gnomeuser at gmail.com>>
>
>
>
> 2008/12/22 Nikolay Vladimirov <nikolay at vladimiroff.com
> <mailto:nikolay at vladimiroff.com>>
>
> 2008/12/22 Muayyad AlSadi <alsadi at gmail.com
> <mailto:alsadi at gmail.com>>:
> > I guess we should have an optional special directory inside
> each user's home
> > let's say it's named private
> >
> > a trivial pygtk tool can call fuse to mount a file there into
> the same directory
> >
> > what do you think ?
> >
> > I guess I have 1000000s config files on my home, apps will
> start very
> > slow if they are encrypted (think firefox for example)
> >
> > --
> > fedora-devel-list mailing list
> > fedora-devel-list at redhat.com <mailto:fedora-devel-list at redhat.com>
> > https://www.redhat.com/mailman/listinfo/fedora-devel-list
> >
>
> It's good to have an option to do both encrypted home and dedicated
> encrypted dir in home.
> Sice it's normal to have programs that save your passwords in
> plaintext in their configs. And yes,
> most of them do that because they also send the passwords in
> plaintext
> over the net,
> and if someone watches your traffic it will be trivial to find them.
> Also it's good to encrypt the cache of some programs since it's
> common
> that you don't want
> your browser history, cache, etc. to be visible.
>
>
> Wouldn't saving passwords in plaintext (presumably also history and
> cache) be a bug?
>
>
> However I find it simpler and safer to use hardware disk
> encryption(from the BIOS config) and a bunch of other thinkpad
> security stuff.
> I'm not really sure if this kind of stuff is widely available on
> other
> hardware. So this software encryption thing seems nice.
>
>
>
> --
> fedora-devel-list mailing list
> fedora-devel-list at redhat.com <mailto:fedora-devel-list at redhat.com>
> https://www.redhat.com/mailman/listinfo/fedora-devel-list
>
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iEYEARECAAYFAklQ2ZgACgkQL5V8yddJCO1ztwCeIVrU011xFwMGwb+c/xO2q1J4
uDEAnA5m+jpAGpOAA/MGF/J2Si9LsHoZ
=BOjR
-----END PGP SIGNATURE-----
More information about the fedora-devel-list
mailing list