| 1 |
Worth is a subjective term; what are your goals? :p I'm sure there could |
| 2 |
be performance differences, but I go back to the 'multiple levels' concept. |
| 3 |
|
| 4 |
Can you clarify the differences between encrypted home directory vs. |
| 5 |
encrypted root filesystems in your mind? Do you really mean encrypting |
| 6 |
ONLY home directories vs. encrypting ALL partitions? Just wanted to be |
| 7 |
certain. |
| 8 |
|
| 9 |
[1] A /tmp encrypted filesystem isn't any different than any other |
| 10 |
encrypted file - is it? You can have a encrypted partition that multiple |
| 11 |
users can mount with their token key. Such as done with 'example 5' of |
| 12 |
loop-aes (http://loop-aes.sourceforge.net/loop-AES.README) |
| 13 |
[2] I'd also like to mention enough memory and NOT USING SWAP at all. |
| 14 |
[3] If you have a scenario where you are a user that doesn't trust the |
| 15 |
system and want a chance at keeping YOUR data out of prying eyes the the |
| 16 |
per-user temporary directories could be of use. |
| 17 |
|
| 18 |
Finally my other thoughts are that since *my* goal is to be *more* |
| 19 |
secure and not set the goal I will be absolutely secure; something as |
| 20 |
simple as ensuring all your temp files (or unencrypted volumes) are |
| 21 |
deleted and wiped clean during logout (if you own the machine) could be |
| 22 |
worth it. Yes, it may be unsecure during operation and it could be |
| 23 |
interrupted before the shutdown wipe. But not most of the time. |
| 24 |
|
| 25 |
N. |
| 26 |
|
| 27 |
mike@××××.org wrote: |
| 28 |
|
| 29 |
> I haven't seen anything directly like this on the gentoo-hardened list |
| 30 |
> |
| 31 |
>>yet. I have seen the loopback encrypted filesystems and distro |
| 32 |
>>discussions (nothing that isn't in the archives). |
| 33 |
>> |
| 34 |
>> |
| 35 |
> |
| 36 |
>Norman, you brought up some great points. I am familiar with TEMPEST, but am |
| 37 |
>not far enough into this to start trying to mitigate its risk yet. |
| 38 |
> |
| 39 |
>I now have a few questions about the encrypted home directory scenario (most of |
| 40 |
>root filesystem is plaintext). Basically, is it worth it vs. an encrypted root |
| 41 |
>filesystem? Besides encrypting swap, one sticky point is encrypting /tmp. Here |
| 42 |
>are a few potential solutions: |
| 43 |
> |
| 44 |
>1. Make /tmp an encrypted filesystem, generated at boot time with a random key |
| 45 |
>(much like encrypted swap space). |
| 46 |
> |
| 47 |
>2. If you have enough memory and/or encrypted swap, use Linux's tmpfs. |
| 48 |
> |
| 49 |
>3. Implement per-user temporary directories in each user's encrypted $HOME. |
| 50 |
>Obviously all applications must know to use $HOME/tmp instead of /tmp. This may |
| 51 |
>be difficult to ensure. |
| 52 |
> |
| 53 |
>Plain text /tmp is of course bad because, for example, vi may leak secrets by |
| 54 |
>creating recovery files there. So what is the best solution? Or are there too |
| 55 |
>many potential loopholes when using encrypted home directories vs. encrypted |
| 56 |
>root filesystem? |
| 57 |
> |
| 58 |
>-- |
| 59 |
>Mike |
| 60 |
> |
| 61 |
> |
| 62 |
>-- |
| 63 |
>gentoo-hardened@g.o mailing list |
| 64 |
> |
| 65 |
> |
| 66 |
> |
| 67 |
|
| 68 |
|
| 69 |
-- |
| 70 |
gentoo-hardened@g.o mailing list |
Archives