1 |
Sebastiaan L. Zoutendijk wrote: |
2 |
> Dear Dale, |
3 |
> |
4 |
> On Friday 5 June 2020, 11.37pm -0500, Dale wrote: |
5 |
> |
6 |
>> Is this a secure method or is there a more secure way? Is there any |
7 |
>> known issues with using this? Anyone here use this method? Keep in |
8 |
>> mind, LVM. BTFRS, SP?, may come later. |
9 |
> Another thing to keep in mind: if you only encrypt your /home, it is |
10 |
> possible that some data leak out of the encrypted volume. For example, |
11 |
> if you use swap, then the decrypted contents of /home residing in RAM |
12 |
> can be swapped out. If you want to protect yourself against that, you |
13 |
> will need to encrypt the swap volume as well. The same could happen with |
14 |
> temporary files, so /tmp and /var/tmp might also need special treatment. |
15 |
> Aside from encrypting, tmpfs is another possibility here. |
16 |
> This problem is similar, but slightly different, to that described |
17 |
> by J. Roeleveld. Here I am talking about the contents of your files |
18 |
> leaking, instead of the LUKS keys. |
19 |
> If you are going to encrypt multiple filesystems, you can either |
20 |
> make separate LUKS volumes for each of them (each LUKS volume being |
21 |
> inside a partition or LVM volume, for example), or you can create one |
22 |
> LUKS volume with several LVM volumes inside. |
23 |
> |
24 |
> Sincerely, |
25 |
> |
26 |
> Bas |
27 |
> |
28 |
> |
29 |
> -- |
30 |
> Sebastiaan L. Zoutendijk | slzoutendijk@×××××.com |
31 |
> |
32 |
> |
33 |
|
34 |
|
35 |
That's something to think on. Right now, I'm going sorta simple and |
36 |
data that if I forget the password, I still got copies of. No big |
37 |
loss. Later on tho, that info could come in handy. I know a guy that |
38 |
has his locked down tight. I suspect everything is password protected. |
39 |
He was in China for a bit and it was sort of a requirement. |
40 |
|
41 |
Off to youtube. |
42 |
|
43 |
Dale |
44 |
|
45 |
:-) :-) |