From: czernitko <czernitko@gmail.com>
To: gentoo-user@lists.gentoo.org
Date: Wed, 30 Nov 2011 17:01:01 +0100
Subject: Re: [gentoo-user] Full disk encryption
Message-ID: <CAPFNKCJgTK4U_1d=51wS62mqoM5ikZLKivTYTDCJZpzFBpcTOQ@mail.gmail.com>
In-Reply-To: <4ED6503C.5070606@desaster-games.com>

Ok, it seems I'll stick with dmcrypt using
http://en.gentoo-wiki.com/wiki/DM-Crypt.
Thanks for your responses guys!
Peter

2011/11/30 Felix Kuperjans <felix@desaster-games.com>

> Hello Peter,
>
> dmcrypt works perfectly without initrd as long as you do not encrypt the
> root filesystem.
>
> So for encrypted home directories, you can just create and use a LUKS
> volume with dmcrypt (AFAIK the fastest and easy-to-use way).
>
> Regarding other techniques like gpg or truecrypt, you should keep in mind
> that dmcrypt works directly in the kernelspace, so it may be a lot faster
> with the same encryption strength (but I don't know any benchmark about
> that).
>
> Regards,
> Felix
>
> On 30.11.2011 16:40, czernitko wrote:
>
> Hello, thanks for your response, Neil!
> As for dmcrypt usage, what do you think about truecrypt or pgp whole disk
> encryption as alternatives to dmcrypt?
> I would like to have only one partition with all home directories on it,
> and I would like to avoid usage of initrd as I don't use it now and I would
> like to keep it that way if possible.
>
> Peter
>
>
> 2011/11/30 Neil Bothwick <neil@digimed.co.uk>
>
>> On Wed, 30 Nov 2011 16:19:18 +0100, czernitko wrote:
>>
>> > I would like to set up an encrypted partition for my /home directories
>> > on Gentoo Hardened. Which approach do you recommend?
>>
>> Do you want a single encrypted filesystem, or separately encrypted home
>> directories for each user? For the former, emerge cryptsetup, use it to
>> create the encrypted block device and set it up in /etc/conf.d/dmcrypt.
>>
>> For individually encrypted home directories, using ecryptfs on top of a
>> standard filesystem, as used by Ubuntu, is probably the best way.
>>
>>
>> --
>> Neil Bothwick
>>
>> "You want us to do WHAT?" - Ancient Chinese wall engineer.
>>
>
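
Added example, not part of the original thread: the single-encrypted-/home route discussed above (emerge cryptsetup, create the LUKS device, register it in /etc/conf.d/dmcrypt), written as a dry-run script. The device `/dev/sdXN`, the mapping name `home`, the ext4 filesystem and the `noatime` mount option are assumptions chosen for illustration; nothing is executed unless `APPLY=1` is set.

```sh
#!/bin/sh
# Added example: one LUKS volume for /home, unlocked at boot by Gentoo's
# dmcrypt init script. No initrd is needed because / stays unencrypted.
# DEV and NAME are placeholders (assumptions), not values from the thread.

DEV="${DEV:-/dev/sdXN}"     # placeholder partition that will hold /home
NAME="${NAME:-home}"        # mapping name, appears as /dev/mapper/home

# Print each step; execute it only when APPLY=1 (dry run by default).
step() {
    echo "+ $*"
    if [ "${APPLY:-0}" = "1" ]; then "$@"; fi
}

# Stanza for /etc/conf.d/dmcrypt: the init script opens "source" as "target".
dmcrypt_stanza() {
    printf "target=%s\nsource='%s'\n" "$1" "$2"
}

# fstab entry that mounts the opened mapping on /home (ext4 is an assumption).
fstab_line() {
    printf '/dev/mapper/%s\t/home\text4\tnoatime\t0 2\n' "$1"
}

setup_home() {
    step emerge --ask sys-fs/cryptsetup
    step cryptsetup luksFormat "$DEV"          # destroys existing data on DEV
    step cryptsetup luksOpen "$DEV" "$NAME"    # prompts for the passphrase
    step mkfs.ext4 "/dev/mapper/$NAME"
    echo "# append to /etc/conf.d/dmcrypt:"
    dmcrypt_stanza "$NAME" "$DEV"
    echo "# append to /etc/fstab:"
    fstab_line "$NAME"
    step rc-update add dmcrypt boot            # unlock the volume at boot
}

# Runs only when the script is given an argument, e.g.: sh luks-home.sh plan
if [ -n "${1:-}" ]; then setup_home; fi
```

Review the printed plan first, then rerun as root with `APPLY=1` and the real partition in `DEV`; the stanza and fstab line are only printed and must be appended by hand.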