From: "Sebastiaan L. Zoutendijk" <slzoutendijk@gmail.com>
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Encrypting a hard drive's data. Best method.
Date: Sat, 6 Jun 2020 20:21:45 +0000
Message-ID: <CADiAjt3EYE3-qK7VOdfD0byK+sJDbPq1_S0-8Nv5rXP0-quS-w@mail.gmail.com>
In-Reply-To: <ddcf7e41-ef39-eae8-ba36-82efc057a1ee@gmail.com>

Dear Dale,

On Friday 5 June 2020, 11.37pm -0500, Dale wrote:
> Is this a secure method or is there a more secure way? Is there any
> known issues with using this? Anyone here use this method? Keep in
> mind, LVM. BTFRS, SP?, may come later.

Another thing to keep in mind: if you only encrypt your /home, it is
possible that some data leak out of the encrypted volume. For example,
if you use swap, then the decrypted contents of /home residing in RAM
can be swapped out. If you want to protect yourself against that, you
will need to encrypt the swap volume as well. The same could happen with
temporary files, so /tmp and /var/tmp might also need special treatment.
Aside from encrypting, tmpfs is another possibility here.

This problem is similar, but slightly different, to that described
by J. Roeleveld. Here I am talking about the contents of your files
leaking, instead of the LUKS keys.

If you are going to encrypt multiple filesystems, you can either
make separate LUKS volumes for each of them (each LUKS volume being
inside a partition or LVM volume, for example), or you can create one
LUKS volume with several LVM volumes inside.

Sincerely,
Bas
--
Sebastiaan L. Zoutendijk | slzoutendijk@gmail.com
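
The leak paths described in this message (swap, /tmp, /var/tmp) can be checked on a running system. The script below is an added example, not part of the message or the thread: it reads /proc/swaps and /proc/mounts and follows the sysfs device stack so that an LVM volume inside LUKS counts as encrypted. It assumes dm-crypt mappings carry the "CRYPT-" device-mapper UUID prefix that cryptsetup assigns; the sample device names are constructed.

```python
"""List swap areas and temp dirs that can hold plaintext copies of an encrypted /home."""
import os
from pathlib import Path

TEMP_DIRS = ("/tmp", "/var/tmp")
# Constructed sample (not from the thread): /home is on LUKS, swap and / are not.
SAMPLE_SWAPS = "Filename Type Size Used Priority\n/dev/sda2 partition 8388604 0 -2\n"
SAMPLE_MOUNTS = "/dev/sda3 / ext4 rw 0 0\n/dev/dm-0 /home ext4 rw 0 0\ntmpfs /tmp tmpfs rw 0 0\n"

def is_encrypted(dev, sysfs="/sys/class/block"):
    """True if dev is a dm-crypt mapping or is stacked only on dm-crypt mappings."""
    node = Path(sysfs, os.path.basename(os.path.realpath(dev)))
    uuid = node / "dm" / "uuid"
    if uuid.is_file() and uuid.read_text().startswith("CRYPT-"):  # assumed prefix
        return True
    lower = node / "slaves"  # devices underneath, e.g. LUKS below an LVM volume
    names = os.listdir(lower) if lower.is_dir() else []
    return bool(names) and all(is_encrypted(n, sysfs) for n in names)

def mount_of(path, mounted):
    """Return (device, fstype) of the filesystem that holds path."""
    while path not in mounted and path != "/":
        path = os.path.dirname(path)
    return mounted.get(path, ("unknown", "unknown"))

def audit(swaps, mounts, encrypted=is_encrypted):
    """Return (location, device) pairs whose contents reach disk unencrypted."""
    mounted = {t: (d, f) for d, t, f in (l.split()[:3] for l in mounts.splitlines())}
    findings = []
    for line in swaps.splitlines()[1:]:  # first line of /proc/swaps is a header
        name, kind = line.split()[:2]
        dev = mount_of(name, mounted)[0] if kind == "file" else name  # swap file
        if not encrypted(dev):
            findings.append(("swap", dev))
    for tmp in TEMP_DIRS:
        dev, fstype = mount_of(tmp, mounted)
        # tmpfs stays in RAM but is swappable, so the swap check above covers it
        if fstype != "tmpfs" and not encrypted(dev):
            findings.append((tmp, dev))
    return findings

if __name__ == "__main__":
    try:
        with open("/proc/swaps") as s, open("/proc/mounts") as m:
            swaps, mounts = s.read(), m.read()
    except OSError:  # not a Linux host: fall back to the constructed sample
        swaps, mounts = SAMPLE_SWAPS, SAMPLE_MOUNTS
    for where, dev in audit(swaps, mounts):
        print(f"{where}: {dev} is not on a dm-crypt volume")
```

On the constructed sample it reports the swap partition and /var/tmp, since only /home sits on the encrypted volume and /tmp is a tmpfs.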