Isn't it time for the encrypted file system???
Jeremy Katz
katzj at redhat.com
Mon Mar 27 16:33:33 UTC 2006
On Sat, 2006-03-25 at 17:50 +0100, Karel Zak wrote:
> On Pá, bře 24, 2006 at 04:59:41 -0500, Jeremy Katz wrote:
> > On Fri, 2006-03-24 at 17:50 +0100, Karel Zak wrote:
> > > On Thu, Mar 23, 2006 at 09:31:19AM -0500, Daniel J Walsh wrote:
> > > > Laptops have becoming the standard machine for people, replacing the
> > > > desktop. We need to consider defaulting FC6 with encrypted filesystem
> > > > or at least homedirs out of the box. This should be a key feature of FC6.
> > >
> > > I don't think that encrypted filesystem is a good way. I think better
> > > idea is support for encrypted devices (partitions). It's solution
> > > independent on filesystem and it's useful for swaps too. For more
> > > details see cryptsetup-luks and dm-crypt.
> >
> > The problem is that encrypting block devices in a user-friendly fashion
> > kind of sucks.
>
> I think the original post was about laptop users.
So because the computer is smaller and I carry it with me, the user
interface problems go away? I don't buy it :)
> > * You don't want an encryption that's global across all of /home, you
> > really want to encrypt each user's home directory separately so that
> > they can access their own stuff without needing any sort of admin
>
> Sorry, but privacy on system where someone other has root permissions
> is illusion only. I don't understand how could be really safe system
> where admin is able to modify kernel or some system util and steal
> your password (or private key or whatever).
No, I'm saying that Bob shouldn't need an administrator to unlock
the /home on his laptop. But Bob and Jim should be able to both have
accounts (or maybe it's Bob and his girlfriend)
Jeremy
More information about the Fedora-maintainers
mailing list