Isn't it time for the encrypted file system???
Jeremy Katz
katzj at redhat.com
Fri Mar 24 21:59:41 UTC 2006
On Fri, 2006-03-24 at 17:50 +0100, Karel Zak wrote:
> On Thu, Mar 23, 2006 at 09:31:19AM -0500, Daniel J Walsh wrote:
> > Laptops have becoming the standard machine for people, replacing the
> > desktop. We need to consider defaulting FC6 with encrypted filesystem
> > or at least homedirs out of the box. This should be a key feature of FC6.
>
> I don't think that encrypted filesystem is a good way. I think better
> idea is support for encrypted devices (partitions). It's solution
> independent on filesystem and it's useful for swaps too. For more
> details see cryptsetup-luks and dm-crypt.
The problem is that encrypting block devices in a user-friendly fashion
kind of sucks.
* Encrypting the rootfs's block device sucks as you need to be able to
get a passphrase or whatever at boot-time before you have X (... and
thus can display the proper fonts) and before you have a sane keyboard
map.
* You don't want an encryption that's global across all of /home, you
really want to encrypt each user's home directory separately so that
they can access their own stuff without needing any sort of admin
access. But you don't want to require a separate block device per user
as this is an administration nightmare.
For some cases (eg, swap, removable devices), block device level can
make a lot of sense. But for things like home directories, it kind of
sucks. :-/
Jeremy
More information about the Fedora-maintainers
mailing list