Gentoo Archives: gentoo-security

From: Randy Barlow <randy@×××××××××××××××××.com>
To: gentoo-security@l.g.o
Subject: [gentoo-security] Encrypting a user home folder on a laptop
Date: Fri, 15 Feb 2008 23:10:56
Message-Id: 47B61BB5.7040905@electronsweatshop.com
I am probably being paranoid, but I'd like to encrypt my /home/username
folder on my laptop.  I tried EncFS using [1], but KDE didn't seem to
work under that setup because of the restriction that the filesystem
doesn't support hardlinks.  So now I am playing around with [2].  The
only problem I have here is that it seems like I have to know in advance
what size I want to use for my home folder (I am using a file as a
loopback device rather than a partition, mostly because I already have a
system up and don't want to mess with resizing partitions).  Is there
any way to resize the loopback device on the fly, or do you just have to
create a new one and copy the files into it every time you need to resize?

Another question I have: I am pretty new to ciphers.  One thing I have
learned is that the avalanche effect is desirable, meaning that one bit
flipped in the plaintext should cause about half of the ciphertext bits
to flip.  Does the dm-crypt setup have much correlation between
encryption blocks to where this avalanche effect would change the whole
file, or just a few encryption blocks?  To illustrate, I'm looking to
encrypt probably something like 40 GB of data.  If I change 1 bit
somewhere in my plaintext, how many bytes of that 40 GB of total data on
my loopback device should I expect that bit flip to have an effect on?

Thanks for any enlightenment you can offer!

[1] http://gentoo-wiki.com/HOWTO_Encrypt_Your_Home_Directory_Using_EncFS
[2] http://gentoo-wiki.com/SECURITY_dmcrypt

-- 
Randy Barlow
http://electronsweatshop.com
-- 
gentoo-security@l.g.o mailing list

Replies

Subject Author
Re: [gentoo-security] Encrypting a user home folder on a laptop Florian Philipp <lists@××××××××××××××××××.net>
Re: [gentoo-security] Encrypting a user home folder on a laptop Wojciech Ziniewicz <wojciech.ziniewicz@×××××.com>
Re: [gentoo-security] Encrypting a user home folder on a laptop Florian Sowade <f.sowade@×××.de>
Re: [gentoo-security] Encrypting a user home folder on a laptop Sune Kloppenborg Jeppesen <jaervosz@g.o>