On Sun, Sep 11, 2011 at 02:23:37PM +0100, Jon Dowland wrote:
> I think it would be wonderful to have such ease-of-use $HOME
> encryption in Debian. Ubuntu's scheme uses ecryptfs. Before I begin
> looking into how best I might help work towards this, I was wondering
> if experienced people could w
Le mardi 13 septembre 2011 à 21:14 +0100, Jon Dowland a écrit :
> For a single-user system, is it possible to pass through the decryption
> password to later processes, to avoid needing to provide another password to
> log in? I know you could set your display manager to auto-login, but that
> do
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hey list,
Thanks to Jon for raising the topic on this list. It would be great to
enhance the disk encryption support in Debian(-Installer).
Am 13.09.2011 22:14, schrieb Jon Dowland:
> On Sun, Sep 11, 2011 at 10:46:41PM +0200, intrigeri wrote:
>> E.g.
On Tue, Sep 13, 2011 at 09:14:39PM +0100, Jon Dowland wrote:
[...]
> Can we make full-disk encryption more convenient?
[...]
I'm not sure it could be any more convenient than it already is to
configure, at least as far as D-I is concerned. It has a
partitioning option or two which are guided with
On Sun, Sep 11, 2011 at 10:46:41PM +0200, intrigeri wrote:
> E.g. data may be written in cleartext swap, in hibernation images,
> temporary data may be written at various places on disk that are not
> in $HOME: cups spool, /var/tmp, etc.
That's true. But there are varying levels of risk: a fully
On Mon, Sep 12, 2011 at 09:41:12AM +0200, Rolf Kutz wrote:
[...]
> An encrypted /home can still be backuped easily by administrators
> without being able to see inside.
An administrator (assuming by administrator you mean root or an
account with access to root-level privs) can easily trojan the
ne
Hi there!
On Mon, 12 Sep 2011 13:05:38 +0200, Jonas Meurer wrote:
> Am 12.09.2011 12:55, schrieb Luca Capello:
[TRIM support for dm-crypt merged into Linux 3.1]
>> Something I completely forgot in my first email, which is the real
>> question: are my data as much secure with SSD TRIM as without?
>
Hey list,
Am 12.09.2011 12:55, schrieb Luca Capello:
> On Mon, 12 Sep 2011 10:54:00 +0200, Philipp Kern wrote:
>> On 2011-09-12, Luca Capello wrote:
>>> On Mon, 12 Sep 2011 06:50:29 +0200, martin f krafft wrote:
> n>>> also sprach intrigeri [2011.09.11.2246
> +0200]:
> The d-i already suppo
Hi there!
On Mon, 12 Sep 2011 10:54:00 +0200, Philipp Kern wrote:
> On 2011-09-12, Luca Capello wrote:
>> On Mon, 12 Sep 2011 06:50:29 +0200, martin f krafft wrote:
n>>> also sprach intrigeri [2011.09.11.2246
+0200]:
The d-i already supports easy *full* system encryption, swap
include
On 2011-09-12, Luca Capello wrote:
> On Mon, 12 Sep 2011 06:50:29 +0200, martin f krafft wrote:
>> also sprach intrigeri [2011.09.11.2246
>> +0200]:
>>> The d-i already supports easy *full* system encryption, swap
>>> included.
>> I think this is what people should be using, not a high-level hac
Hi there!
On Mon, 12 Sep 2011 06:50:29 +0200, martin f krafft wrote:
> also sprach intrigeri [2011.09.11.2246
> +0200]:
>> The d-i already supports easy *full* system encryption, swap
>> included.
>
> I think this is what people should be using, not a high-level hack
> like ecryptfs.
+1, but if
On 12/09/11 10:12 +0200, martin f krafft wrote:
[ecryptfs as /home]
True. At the same time, it exposes quite a lot of information, e.g.
structure of the tree. I don't know how much of that could be used
in a plain-text attack.
Ack.
Note, however, that I don't really know ecryptfs. I only brie
also sprach Rolf Kutz [2011.09.12.0941 +0200]:
> There might be different use cases. An encrypted /home can still
> be backuped easily by administrators without being able to see
> inside.
True. At the same time, it exposes quite a lot of information, e.g.
structure of the tree. I don't know how
On 12/09/11 06:50 +0200, martin f krafft wrote:
also sprach intrigeri [2011.09.11.2246 +0200]:
The d-i already supports easy *full* system encryption, swap
included.
I think this is what people should be using, not a high-level hack
like ecryptfs.
There might be different use cases. An encr
also sprach intrigeri [2011.09.11.2246 +0200]:
> The d-i already supports easy *full* system encryption, swap
> included.
I think this is what people should be using, not a high-level hack
like ecryptfs.
However, I suppose you can only set this up during installation, and
converting a system lat
Hi,
Jon Dowland wrote (11 Sep 2011 13:23:37 GMT) :
> I like encrypted $HOME and making the use of them as easy for people
> as possible.
So do I.
However, before we go deep into implementation details, I need to ask
what kind of usecase(s) and threat model(s) you have in mind and are
trying to s
I like encrypted $HOME and making the use of them as easy for people
as possible.
On creation of the first user, Ubuntu's installer offers a checkbox
labelled something like "Encrypt the user's files". That's it: just
one check-box. If set, upon login, a PAM module unlocks and mounts a
loopback d
17 matches
Mail list logo
