| 1 |
Ok, it seems I'll stick with dmcrypt using |
| 2 |
http://en.gentoo-wiki.com/wiki/DM-Crypt. |
| 3 |
Thanks for your responses guys! |
| 4 |
Peter |
| 5 |
|
| 6 |
2011/11/30 Felix Kuperjans <felix@××××××××××××××.com> |
| 7 |
|
| 8 |
> Hello Peter, |
| 9 |
> |
| 10 |
> dmcrypt works perfectly without initrd as long as you do not encrypt the |
| 11 |
> root filesystem. |
| 12 |
> |
| 13 |
> So for encrypted home directories, you can just create and use a LUKS |
| 14 |
> volume with dmcrypt (AFAIK the fastest and easy-to-use way). |
| 15 |
> |
| 16 |
> Regarding other techniques like gpg or truecrypt, you should keep in mind, |
| 17 |
> that dmcrypt works directly in the kernelspace, so it may be a lot faster |
| 18 |
> with the same encryption strength (but it don't know any benchmark about |
| 19 |
> that). |
| 20 |
> |
| 21 |
> Regards, |
| 22 |
> Felix . |
| 23 |
> |
| 24 |
> Am 30.11.2011 16:40, schrieb czernitko: |
| 25 |
> |
| 26 |
> Hello, thanks for your response, Neil! |
| 27 |
> As for dmcrypt usage, what do you think about truecrypt or pgp whole disk |
| 28 |
> encryption as alternatives to dmcrypt? |
| 29 |
> I would like to have only one partition with all home directories on it, |
| 30 |
> and I would like to avoid usage of initrd as I don't use it now and I would |
| 31 |
> like to keep it that way if possible. |
| 32 |
> |
| 33 |
> Peter |
| 34 |
> |
| 35 |
> |
| 36 |
> 2011/11/30 Neil Bothwick <neil@××××××××××.uk> |
| 37 |
> |
| 38 |
>> On Wed, 30 Nov 2011 16:19:18 +0100, czernitko wrote: |
| 39 |
>> |
| 40 |
>> > I would like to set up an encrypted partition for my /home directories |
| 41 |
>> > on Gentoo Hardened. Which approach do you recommend? |
| 42 |
>> |
| 43 |
>> Do you want a single encrypted filesystem, or separately encrypted home |
| 44 |
>> directories for each user. for the former, emerge cryptsetup, use it to |
| 45 |
>> create the encrypted block device and set it up in /etc/conf.d/dmcrypt. |
| 46 |
>> |
| 47 |
>> For individually encrypted home directories, using ecryptfs on top of a |
| 48 |
>> standard filesystem, as used by Ubuntu, is probably the best way. |
| 49 |
>> |
| 50 |
>> |
| 51 |
>> -- |
| 52 |
>> Neil Bothwick |
| 53 |
>> |
| 54 |
>> "You want us to do WHAT?" - Ancient Chinese wall engineer. |
| 55 |
>> |
| 56 |
> |
| 57 |
> |
Archives