Encrypted home directory

Tue Dec 23 12:29:13 UTC 2008

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Don't we already provide a solution for this?  All you have to do is
check the block when installing Fedora (ever since 9) and it will
encrypt your entire hard drive (except /boot) at AES-128 using LUKS.

The decrypting at boot up was a little clunky in F9 but F10 made it
looks nice.

Thanks,
Eric Christensen
E-Mail: sparks at fedoraproject.org
GPG Key: D74908ED

Sachin wrote:
> I had never expected so much of discussion :), which is healthy.(I had
> never thought of swap)
> But shouldn't be discussion limited to whether we can provide this
> feature or not and let the end user decide whether he wants to use it or
> not.
> 
> And if he faces the problem like scalability or umounting he/she log the
> bug with upstream ..
> 
> I am believe fedora is about choices and freedom.
> 
> 
> 2008/12/22 David Nielsen <gnomeuser at gmail.com <mailto:gnomeuser at gmail.com>>
> 
> 
> 
>     2008/12/22 Nikolay Vladimirov <nikolay at vladimiroff.com
>     <mailto:nikolay at vladimiroff.com>>
> 
>         2008/12/22 Muayyad AlSadi <alsadi at gmail.com
>         <mailto:alsadi at gmail.com>>:
>         > I guess we should have an optional special directory inside
>         each user's home
>         > let's say it's named private
>         >
>         > a trivial pygtk tool can call fuse to mount a file there into
>         the same directory
>         >
>         > what do you think ?
>         >
>         > I guess I have 1000000s config files on my home, apps will
>         start very
>         > slow if they are encrypted (think firefox for example)
>         >
>         > --
>         > fedora-devel-list mailing list
>         > fedora-devel-list at redhat.com <mailto:fedora-devel-list at redhat.com>
>         > https://www.redhat.com/mailman/listinfo/fedora-devel-list
>         >
> 
>         It's good to have an option to do both encrypted home and dedicated
>         encrypted dir in home.
>         Sice it's normal to have programs that save your passwords in
>         plaintext in their configs. And yes,
>         most of them do that because they also send the passwords in
>         plaintext
>         over the net,
>         and if someone watches your traffic it will be trivial to find them.
>         Also it's good to encrypt the cache of some programs since it's
>         common
>         that you don't want
>         your browser history, cache, etc. to be visible.
> 
> 
>     Wouldn't saving passwords in plaintext (presumably also history and
>     cache) be a bug?  
> 
> 
>         However I find it simpler and safer to use hardware disk
>         encryption(from the BIOS config) and a bunch of other thinkpad
>         security stuff.
>         I'm not really sure if this kind of stuff is widely available on
>         other
>         hardware. So this software encryption thing seems nice.
> 
> 
> 
>     --
>     fedora-devel-list mailing list
>     fedora-devel-list at redhat.com <mailto:fedora-devel-list at redhat.com>
>     https://www.redhat.com/mailman/listinfo/fedora-devel-list
> 
> 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAklQ2ZgACgkQL5V8yddJCO1ztwCeIVrU011xFwMGwb+c/xO2q1J4
uDEAnA5m+jpAGpOAA/MGF/J2Si9LsHoZ
=BOjR
-----END PGP SIGNATURE-----