From: czernitko
To: gentoo-user@lists.gentoo.org
Date: Wed, 30 Nov 2011 17:01:01 +0100
Subject: Re: [gentoo-user] Full disk encryption

Ok, it seems I'll stick with dmcrypt using
http://en.gentoo-wiki.com/wiki/DM-Crypt.
Thanks for your responses guys!

Peter

2011/11/30 Felix Kuperjans <felix@desaster-games.com>

> Hello Peter,
>
> dmcrypt works perfectly without initrd as long as you do not encrypt the
> root filesystem.
>
> So for encrypted home directories, you can just create and use a LUKS
> volume with dmcrypt (AFAIK the fastest and easy-to-use way).
>
> Regarding other techniques like gpg or truecrypt, you should keep in mind,
> that dmcrypt works directly in the kernelspace, so it may be a lot faster
> with the same encryption strength (but I don't know any benchmark about
> that).
>
> Regards,
> Felix
>
> On 30.11.2011 16:40, czernitko wrote:
>
> Hello, thanks for your response, Neil!
> As for dmcrypt usage, what do you think about truecrypt or pgp whole disk
> encryption as alternatives to dmcrypt?
> I would like to have only one partition with all home directories on it,
> and I would like to avoid usage of initrd as I don't use it now and I would
> like to keep it that way if possible.
>
> Peter
>
>
> 2011/11/30 Neil Bothwick <neil@digimed.co.uk>
>
>> On Wed, 30 Nov 2011 16:19:18 +0100, czernitko wrote:
>>
>> > I would like to set up an encrypted partition for my /home directories
>> > on Gentoo Hardened. Which approach do you recommend?
>>
>> Do you want a single encrypted filesystem, or separately encrypted home
>> directories for each user? For the former, emerge cryptsetup, use it to
>> create the encrypted block device and set it up in /etc/conf.d/dmcrypt.
>>
>> For individually encrypted home directories, using ecryptfs on top of a
>> standard filesystem, as used by Ubuntu, is probably the best way.
>>
>>
>> --
>> Neil Bothwick
>>
>> "You want us to do WHAT?" - Ancient Chinese wall engineer.
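Added example, not part of the thread and not Gentoo's own tooling: the single encrypted /home setup suggested above, followed by a check that /etc/conf.d/dmcrypt and /etc/fstab agree before a reboot depends on them. The device /dev/sdXN, the mapping name crypt-home, the ext4 filesystem and both function names are assumptions, and the check assumes every /dev/mapper entry in fstab is a dmcrypt mapping (no LVM).

```shell
#!/bin/sh
# One-time setup as root (placeholders; luksFormat destroys existing data):
#   emerge sys-fs/cryptsetup
#   cryptsetup luksFormat /dev/sdXN
#   cryptsetup luksOpen /dev/sdXN crypt-home
#   mkfs.ext4 /dev/mapper/crypt-home
#   rc-update add dmcrypt boot
# /etc/conf.d/dmcrypt:
#   target=crypt-home
#   source='/dev/sdXN'
# /etc/fstab:
#   /dev/mapper/crypt-home  /home  ext4  noatime  0 2

# Print each mapping name that has a target= line followed by a source= line.
declared_targets() {    # $1 = path to a conf.d/dmcrypt-style file
    awk -F= -v q="'" '
        $1 == "target" { t = $2; gsub("[\"" q "]", "", t); next }
        $1 == "source" && t != "" { print t; t = "" }
    ' "$1"
}

# Compare fstab against the declared mappings.
# Returns 0 if consistent, 1 if a mapping is undeclared,
# 2 if / itself sits on a mapper device (that would need an initrd).
check_boot_config() {   # $1 = dmcrypt conf file, $2 = fstab file
    targets=$(declared_targets "$1")
    status=0
    while read -r dev mnt _rest; do
        case $dev in
            /dev/mapper/*) name=${dev#/dev/mapper/} ;;
            *) continue ;;   # comments, blank lines, plain devices
        esac
        if [ "$mnt" = "/" ]; then
            echo "root on $dev: needs an initrd"
            return 2
        fi
        if ! printf '%s\n' "$targets" | grep -qxF -- "$name"; then
            echo "undeclared: $name"
            status=1
        fi
    done < "$2"
    return $status
}
```

Run it as `check_boot_config /etc/conf.d/dmcrypt /etc/fstab`; a non-zero status means the next boot would either fail to mount the mapping or need an initrd.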