Nick Guenther wrote:
On 10/6/07, Timo Myyrd <[EMAIL PROTECTED]> wrote:
I'm just trying to encrypt my laptops /home partition to hide my
personal info if the worst happens and my lappy is stolen.
I'm wondering what would be the best method to encrypt the hard drive? I
saw some discussion on the mailing list recently and somebody pointed
out that I could encrypt whole partition.
I'm currently creating a image within a partition which I intend to
encrypt then as instructed for example here:
http://www.blackant.net/other/docs/howto-encrypted-home.php
Which would be a better method, the separate image or encrypt whole
partition and how to encrypt whole partition on OpenBSD?
*The* way to make encrypted disks on OpenBSD is through vnconfig -k.
Go read up on that and come back.
Then here's what you can do (it's dead simple):
# vnconfig -k <key> svnd0 /path/to/image
# mount /dev/svnd0 /home
#note: the image file should be available somewhere that isn't /home,
obviously... you may be able to have a /home with it on there and then
mount over that and it might keep working but it's just asking for
trouble to do it that way
using the -K switch for vnconfig is good if you're worried about offline
brute forcing.
are you sure you want to encrypt your *whole* drive though? Is your
data really that secret? For most people there are only a few /really
secret/ things, and you can just make a small secure partition and
place them in there. Encryption does take a performance hit.
the performance hit is pretty unnoticeable unless you're doing lots of
reads and writes, e.g. a fileserver. on a decently fast machine you can
get 20-30 MBps read and write speed on an encrypted image which is
plenty for your /home in most cases.
-Nick
