| 1 |
Sebastiaan L. Zoutendijk wrote: |
| 2 |
> Dear Dale, |
| 3 |
> |
| 4 |
> On Friday 5 June 2020, 11.37pm -0500, Dale wrote: |
| 5 |
> |
| 6 |
>> Is this a secure method or is there a more secure way? Is there any |
| 7 |
>> known issues with using this? Anyone here use this method? Keep in |
| 8 |
>> mind, LVM. BTFRS, SP?, may come later. |
| 9 |
> Another thing to keep in mind: if you only encrypt your /home, it is |
| 10 |
> possible that some data leak out of the encrypted volume. For example, |
| 11 |
> if you use swap, then the decrypted contents of /home residing in RAM |
| 12 |
> can be swapped out. If you want to protect yourself against that, you |
| 13 |
> will need to encrypt the swap volume as well. The same could happen with |
| 14 |
> temporary files, so /tmp and /var/tmp might also need special treatment. |
| 15 |
> Aside from encrypting, tmpfs is another possibility here. |
| 16 |
> This problem is similar, but slightly different, to that described |
| 17 |
> by J. Roeleveld. Here I am talking about the contents of your files |
| 18 |
> leaking, instead of the LUKS keys. |
| 19 |
> If you are going to encrypt multiple filesystems, you can either |
| 20 |
> make separate LUKS volumes for each of them (each LUKS volume being |
| 21 |
> inside a partition or LVM volume, for example), or you can create one |
| 22 |
> LUKS volume with several LVM volumes inside. |
| 23 |
> |
| 24 |
> Sincerely, |
| 25 |
> |
| 26 |
> Bas |
| 27 |
> |
| 28 |
> |
| 29 |
> -- |
| 30 |
> Sebastiaan L. Zoutendijk | slzoutendijk@×××××.com |
| 31 |
> |
| 32 |
> |
| 33 |
|
| 34 |
|
| 35 |
That's something to think on. Right now, I'm going sorta simple and |
| 36 |
data that if I forget the password, I still got copies of. No big |
| 37 |
loss. Later on tho, that info could come in handy. I know a guy that |
| 38 |
has his locked down tight. I suspect everything is password protected. |
| 39 |
He was in China for a bit and it was sort of a requirement. |
| 40 |
|
| 41 |
Off to youtube. |
| 42 |
|
| 43 |
Dale |
| 44 |
|
| 45 |
:-) :-) |
Archives