1 |
Hello Peter, |
2 |
|
3 |
dmcrypt works perfectly without initrd as long as you do not encrypt the |
4 |
root filesystem. |
5 |
|
6 |
So for encrypted home directories, you can just create and use a LUKS |
7 |
volume with dmcrypt (AFAIK the fastest and easy-to-use way). |
8 |
|
9 |
Regarding other techniques like gpg or truecrypt, you should keep in |
10 |
mind, that dmcrypt works directly in the kernelspace, so it may be a lot |
11 |
faster with the same encryption strength (but it don't know any |
12 |
benchmark about that). |
13 |
|
14 |
Regards, |
15 |
Felix |
16 |
|
17 |
Am 30.11.2011 16:40, schrieb czernitko: |
18 |
> Hello, thanks for your response, Neil! |
19 |
> As for dmcrypt usage, what do you think about truecrypt or pgp whole |
20 |
> disk encryption as alternatives to dmcrypt? |
21 |
> I would like to have only one partition with all home directories on |
22 |
> it, and I would like to avoid usage of initrd as I don't use it now |
23 |
> and I would like to keep it that way if possible. |
24 |
> |
25 |
> Peter |
26 |
> |
27 |
> |
28 |
> 2011/11/30 Neil Bothwick <neil@××××××××××.uk <mailto:neil@××××××××××.uk>> |
29 |
> |
30 |
> On Wed, 30 Nov 2011 16:19:18 +0100, czernitko wrote: |
31 |
> |
32 |
> > I would like to set up an encrypted partition for my /home |
33 |
> directories |
34 |
> > on Gentoo Hardened. Which approach do you recommend? |
35 |
> |
36 |
> Do you want a single encrypted filesystem, or separately encrypted |
37 |
> home |
38 |
> directories for each user. for the former, emerge cryptsetup, use |
39 |
> it to |
40 |
> create the encrypted block device and set it up in |
41 |
> /etc/conf.d/dmcrypt. |
42 |
> |
43 |
> For individually encrypted home directories, using ecryptfs on top |
44 |
> of a |
45 |
> standard filesystem, as used by Ubuntu, is probably the best way. |
46 |
> |
47 |
> |
48 |
> -- |
49 |
> Neil Bothwick |
50 |
> |
51 |
> "You want us to do WHAT?" - Ancient Chinese wall engineer. |
52 |
> |
53 |
> |