Gentoo Archives: gentoo-security

From: Randy Barlow <randy@×××××××××××××××××.com>
To: gentoo-security@l.g.o
Subject: [gentoo-security] Encrypting a user home folder on a laptop
Date: Fri, 15 Feb 2008 23:10:56
Message-Id: 47B61BB5.7040905@electronsweatshop.com
1 I am probably being paranoid, but I'd like to encrypt my /home/username
2 folder on my laptop. I tried EncFS using [1], but KDE didn't seem to
3 work under that setup because of the restriction that the filesystem
4 doesn't support hardlinks. So now I am playing around with [2]. The
5 only problem I have here is that it seems like I have to know in advance
6 what size I want to use for my home folder (I am using a file as a
7 loopback device rather than a partition, mostly because I already have a
8 system up and don't want to mess with resizing partitions). Is there
9 any way to resize the loopback device on the fly, or do you just have to
10 create a new one and copy the files into it every time you need to resize?
11
12 Another question I have: I am pretty new to ciphers. One thing I have
13 learned is that the avalanche effect is desirable, meaning that one bit
14 flipped in the plaintext should cause about half of the ciphertext bits
15 to flip. Does the dm-crypt setup have much correlation between
16 encryption blocks to where this avalanche effect would change the whole
17 file, or just a few encryption blocks? To illustrate, I'm looking to
18 encrypt probably something like 40 GB of data. If I change 1 bit
19 somewhere in my plaintext, how many bytes of that 40 GB of total data on
20 my loopback device should I expect that bit flip to have an effect on?
21
22 Thanks for any enlightenment you can offer!
23
24 [1] http://gentoo-wiki.com/HOWTO_Encrypt_Your_Home_Directory_Using_EncFS
25 [2] http://gentoo-wiki.com/SECURITY_dmcrypt
26
27 --
28 Randy Barlow
29 http://electronsweatshop.com
30 --
31 gentoo-security@l.g.o mailing list

Replies

Subject Author
Re: [gentoo-security] Encrypting a user home folder on a laptop Florian Philipp <lists@××××××××××××××××××.net>
Re: [gentoo-security] Encrypting a user home folder on a laptop Sune Kloppenborg Jeppesen <jaervosz@g.o>
Re: [gentoo-security] Encrypting a user home folder on a laptop Wojciech Ziniewicz <wojciech.ziniewicz@×××××.com>
Re: [gentoo-security] Encrypting a user home folder on a laptop Florian Sowade <f.sowade@×××.de>