public inbox for gentoo-user@lists.gentoo.org
* Re: [gentoo-user] Encrypting a hard drive's data. Best method.
From: Sebastiaan L. Zoutendijk @ 2020-06-06 20:21 UTC
  To: gentoo-user

Dear Dale,

    On Friday 5 June 2020, 11.37pm -0500, Dale wrote:

> Is this a secure method or is there a more secure way?  Are there any
> known issues with using this?  Anyone here use this method?  Keep in
> mind, LVM.  BTFRS, SP?, may come later.

    Another thing to keep in mind: if you only encrypt your /home, it is
possible that some data leak out of the encrypted volume. For example,
if you use swap, then the decrypted contents of /home residing in RAM
can be swapped out. If you want to protect yourself against that, you
will need to encrypt the swap volume as well. The same could happen with
temporary files, so /tmp and /var/tmp might also need special treatment.
Aside from encrypting, tmpfs is another possibility here.
    This problem is similar, but slightly different, to that described
by J. Roeleveld. Here I am talking about the contents of your files
leaking, instead of the LUKS keys.
    If you are going to encrypt multiple filesystems, you can either
make separate LUKS volumes for each of them (each LUKS volume being
inside a partition or LVM volume, for example), or you can create one
LUKS volume with several LVM volumes inside.

                                                              Sincerely,

                                                                 Bas


--
Sebastiaan L. Zoutendijk | slzoutendijk@gmail.com
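
The leak paths named in the message above (swap, /tmp, /var/tmp) can be checked on a running system. The script below is an added example, not part of the original e-mail; it goes slightly further by also handling swap files, and its function names and the LSBLK override hook are this example's own assumptions.

```shell
#!/bin/sh
# Added example: report where decrypted /home data can land on unencrypted storage.
# Inputs default to the live /proc files; pass constructed files to try it offline.

# Print "fstype source" for the mount holding path $1 (longest mount point wins).
mount_for() {
    awk -v p="$1" '
        ($2 == "/" || p == $2 || index(p, $2 "/") == 1) && length($2) >= best {
            best = length($2); out = $3 " " $1
        }
        END { print out }' "${2:-/proc/mounts}"
}

# True when a dm-crypt layer sits somewhere under block device $1.
# LSBLK is an override hook (assumption of this example) for testing without devices.
crypt_backed() {
    ${LSBLK:-lsblk} -s -n -o TYPE "$1" 2>/dev/null | grep -qx crypt
}

# One verdict line for a directory such as /tmp or /var/tmp; $2 = mounts file.
check_path() {
    m=$(mount_for "$1" "$2"); fstype=${m%% *}; src=${m#* }
    if [ "$fstype" = tmpfs ] || crypt_backed "$src"; then
        echo "ok   $1 ($fstype on $src)"
    else
        echo "LEAK $1 ($fstype on $src)"
    fi
}

# One verdict line per active swap area; $1 = swaps file, $2 = mounts file.
check_swap() {
    awk 'NR > 1 { print $1, $2 }' "${1:-/proc/swaps}" | while read -r src kind; do
        dev=$src
        # A swap file is only as protected as the filesystem that holds it.
        if [ "$kind" = file ]; then m=$(mount_for "$src" "$2"); dev=${m#* }; fi
        if crypt_backed "$dev"; then echo "ok   swap $src"; else echo "LEAK swap $src"; fi
    done
}

# Full report: every swap area, then the two temporary directories.
audit() {
    check_swap "$1" "$2"
    check_path /tmp "$2"
    check_path /var/tmp "$2"
}

# Check the live system only when asked to.
if [ "${1:-}" = --live ]; then audit; fi
```

An "ok" for a tmpfs-mounted /tmp holds only if every swap line is also "ok", because tmpfs pages can themselves be swapped out.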


2020-06-06  4:37     [gentoo-user] Encrypting a hard drive's data. Best method Dale
2020-06-06 20:21 99% ` Sebastiaan L. Zoutendijk