Worth is a subjective term; what are your goals? :p I'm sure there could
be performance differences, but I go back to the 'multiple levels' concept.

Can you clarify the differences between encrypted home directory vs.
encrypted root filesystems in your mind? Do you really mean encrypting
ONLY home directories vs. encrypting ALL partitions? Just wanted to be
certain.

[1] A /tmp encrypted filesystem isn't any different than any other
encrypted file - is it? You can have an encrypted partition that multiple
users can mount with their token key. Such as done with 'example 5' of
loop-aes (http://loop-aes.sourceforge.net/loop-AES.README)
[2] I'd also like to mention enough memory and NOT USING SWAP at all.
[3] If you have a scenario where you are a user that doesn't trust the
system and want a chance at keeping YOUR data out of prying eyes, the
per-user temporary directories could be of use.

Finally my other thoughts are that since *my* goal is to be *more*
secure and not set the goal I will be absolutely secure; something as
simple as ensuring all your temp files (or unencrypted volumes) are
deleted and wiped clean during logout (if you own the machine) could be
worth it. Yes, it may be insecure during operation and it could be
interrupted before the shutdown wipe. But not most of the time.

N.

mike@××××.org wrote:

> I haven't seen anything directly like this on the gentoo-hardened list
>
>>yet. I have seen the loopback encrypted filesystems and distro
>>discussions (nothing that isn't in the archives).
>>
>>
>
>Norman, you brought up some great points. I am familiar with TEMPEST, but am
>not far enough into this to start trying to mitigate its risk yet.
>
>I now have a few questions about the encrypted home directory scenario (most of
>root filesystem is plaintext). Basically, is it worth it vs. an encrypted root
>filesystem? Besides encrypting swap, one sticky point is encrypting /tmp. Here
>are a few potential solutions:
>
>1. Make /tmp an encrypted filesystem, generated at boot time with a random key
>(much like encrypted swap space).
>
>2. If you have enough memory and/or encrypted swap, use Linux's tmpfs.
>
>3. Implement per-user temporary directories in each user's encrypted $HOME.
>Obviously all applications must know to use $HOME/tmp instead of /tmp. This may
>be difficult to ensure.
>
>Plain text /tmp is of course bad because, for example, vi may leak secrets by
>creating recovery files there. So what is the best solution? Or are there too
>many potential loopholes when using encrypted home directories vs. encrypted
>root filesystem?
>
>--
>Mike
>
>
>--
>gentoo-hardened@g.o mailing list
>
>
>


--
gentoo-hardened@g.o mailing list
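As an added example (not code from the thread, from N., or from loop-aes), a POSIX sh sketch of point [3] together with the wipe-on-logout idea from the reply above: a per-user temp directory inside an already-mounted encrypted $HOME, exported as TMPDIR so that programs which honour it stop writing to /tmp, plus a logout hook that overwrites and removes whatever is left. The function names and the $HOME/tmp path are assumptions; the encrypted $HOME mount itself is assumed to exist.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes POSIX sh and findutils;
# GNU shred is optional and we fall back to plain unlink without it.

# Create $HOME/tmp (mode 0700) and point TMPDIR at it. mktemp(1) and most
# libc tempfile helpers honour TMPDIR; programs that ignore it (vi's
# recovery files, for instance) still need their own configuration.
setup_user_tmp() {
    dir="${1:-$HOME/tmp}"
    umask 077                 # new temp files default to owner-only
    mkdir -p "$dir" || return 1
    chmod 0700 "$dir" || return 1
    TMPDIR="$dir"
    export TMPDIR
    printf '%s\n' "$dir"
}

# Logout hook: overwrite (when shred exists) and delete everything below
# the user temp dir, keeping the directory itself. Overwriting is best
# effort on journaling/CoW filesystems, which is exactly why the directory
# lives on an encrypted volume in the first place.
wipe_user_tmp() {
    dir="${1:-${TMPDIR:-$HOME/tmp}}"
    [ -d "$dir" ] || return 1
    case "$dir" in
        /|/tmp|"$HOME") return 1 ;;   # refuse obviously wrong targets
    esac
    if command -v shred >/dev/null 2>&1; then
        find "$dir" -type f -exec shred -u -z -- {} +
    fi
    find "$dir" -mindepth 1 -depth -exec rm -rf -- {} +
}

# Number of entries left below the user temp dir; sanity check after wipe.
user_tmp_count() {
    find "${1:-${TMPDIR:-$HOME/tmp}}" -mindepth 1 | wc -l | tr -d ' '
}
```

This covers only the part of the problem that applications leave to the environment; the thread's other options (random-key encrypted /tmp at boot, tmpfs without swap) are mount-time decisions and are not shown here.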