[NCLUG] Encrypted Filesystems?

[Bob Proulx]

Paul Hummer wrote:
> With encryption in general, you're going to see a performance decrease.
> Think about how WEP and WPA encryption effect a wireless network.  So if
> you're really wanting to encrypt the data, expect that performance hit,
> and just live with it.

I agree.  You can't get something for nothing.

> I had a similar thought to this last week when I was formally setting up
> backups for all my computers here at home.  If I just backed up home, I
> would have to make sure everything I wanted was in home.  But then I
> thought about /etc, which contains all my configurations.  I wouldn't
> want to lose that.  But then there was /opt, where I like to install ...

Yep.  The same circle of thinking that I went through.  If it is worth
encrypting then it is worth doing all of it.

> I'd strongly suggest encrypting the whole drive, or maybe not
> encrypt swap, but everything else.

Documentation suggests that swap is very important to encrypt because
the memory image stored there would be vulnerable.  However I think
practically it is less likely to be attacked mostly because people
would not bother with it.  Whereas files on disk are just there for
the picking.

> I don't encrypt anything on my laptop anymore because I use vtun to
> log into a central server if I need something important.

I am often not network connected and work offline.  For me my laptop
is a portable desktop.  For others a thin client x-terminal.  But for
me working only online would not be enough.

Thanks for the input.

Bob