[NCLUG] Encrypted Filesystems?

Paul Hummer paul at eventuallyanyway.com
Sun Apr 15 08:57:05 MDT 2007


With encryption in general, you're going to see a performance decrease.
Think about how WEP and WPA encryption affect a wireless network.  So if
you're really wanting to encrypt the data, expect that performance hit,
and just live with it.

I had a similar thought to this last week when I was formally setting up
backups for all my computers here at home.  If I just backed up home, I
would have to make sure everything I wanted was in home.  But then I
thought about /etc, which contains all my configurations.  I wouldn't
want to lose that.  But then there was /opt, where I like to install
software that I don't want intermingled with my system's software (if I
were to just be evaluating it or something).  It ended up that if I just
backed up home, I'd have to remember to put all my important stuff in
home, rather than the whole thing.  If you just encrypt home, or a
/mnt/encrypted, then you've got to make sure that all private files are
there.  You've still got the liability of the user there.  I'd strongly
suggest encrypting the whole drive, or maybe not encrypt swap, but
everything else.  I don't encrypt anything on my laptop anymore because
I use vtun to log into a central server if I need something important. 
However, when I did, I set up the whole drive, and the encryption key
was stored on a USB drive that was REQUIRED for the system to boot. 
Once it booted, it was fine, but not until then.  If you lose that USB
drive though, you're screwed...

Hope that helps.

Paul

Bob Proulx wrote:
> I am starting to play around with encrypted filesystems on a laptop.
> It seems like the obvious thing to do.  Then if it is lost or stolen
> the data is not exposed.
>
> The simplest thing seems to be to create an encrypted physical volume
> and then use lvm on top of that.  Create a swap and root volume out of
> it and just have everything encrypted.  However then there is a
> performance penalty for everything.  (I don't know how that would
> affect playing video from disk for example.)
>
> So of course I considered just an encrypted /home.  But I have a lot
> of source code that I normally keep in my home directory and building
> source there would seem to be a waste of cpu cycles.  I could link of
> of it I suppose.
>
> So of course I thought about an additional filesystem that would be
> encrypted such as /mnt/encrypted.  I could just keep anything that I
> felt was important there.  But that is also a pain.
>
> So of course I thought about simply encrypting the entire filesystem,
> and came full circle.
>
> Being gripped by "analysis paralysis" I thought I would ask if others
> had given this very much thought?  And if so what they had decided to
> do on their laptop systems?
>
> Bob