Dear Dale,

On Friday 5 June 2020, 11.37pm -0500, Dale wrote:

> Is this a secure method or is there a more secure way? Are there any
> known issues with using this? Anyone here use this method? Keep in
> mind, LVM. BTFRS, SP?, may come later.

Another thing to keep in mind: if you only encrypt your /home, it is
possible that some data leak out of the encrypted volume. For example,
if you use swap, then the decrypted contents of /home residing in RAM
can be swapped out. If you want to protect yourself against that, you
will need to encrypt the swap volume as well. The same could happen with
temporary files, so /tmp and /var/tmp might also need special treatment.
Aside from encrypting, tmpfs is another possibility here.

This problem is similar, but slightly different, to that described
by J. Roeleveld. Here I am talking about the contents of your files
leaking, instead of the LUKS keys.

If you are going to encrypt multiple filesystems, you can either
make separate LUKS volumes for each of them (each LUKS volume being
inside a partition or LVM volume, for example), or you can create one
LUKS volume with several LVM volumes inside.

Sincerely,

Bas

--
Sebastiaan L. Zoutendijk | slzoutendijk@×××××.com
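
Added example, not part of the original message: a Python check for the leak paths described above (swap, /tmp, /var/tmp) that walks `lsblk` JSON to see whether each location sits on or under a dm-crypt device, whichever way LUKS and LVM are nested. The `lsblk` and `/proc/mounts` samples are constructed, and the function names (`crypt_map`, `status`, `audit`) are hypothetical.

```python
import json

# Constructed sample of `lsblk --json -o NAME,TYPE,MOUNTPOINT`: only /home is on LUKS.
LSBLK = json.loads("""
{"blockdevices": [
  {"name": "sda", "type": "disk", "mountpoint": null, "children": [
    {"name": "sda1", "type": "part", "mountpoint": "/"},
    {"name": "sda2", "type": "part", "mountpoint": "[SWAP]"},
    {"name": "sda3", "type": "part", "mountpoint": null, "children": [
      {"name": "home", "type": "crypt", "mountpoint": "/home"}]}]}]}
""")
# Constructed /proc/mounts excerpt: /tmp is tmpfs, /var/tmp is not a separate mount.
MOUNTS = """\
/dev/sda1 / ext4 rw,relatime 0 0
/dev/mapper/home /home ext4 rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0
"""
WATCHED = ("/home", "[SWAP]", "/tmp", "/var/tmp")

def crypt_map(nodes, under_crypt=False, out=None):
    """Map each mountpoint to True if a dm-crypt ('crypt') device is at or above it."""
    out = {} if out is None else out
    for node in nodes:
        enc = under_crypt or node["type"] == "crypt"
        mp = node.get("mountpoint")
        if mp:
            out[mp] = enc and out.get(mp, True)  # one plaintext swap device taints "[SWAP]"
        crypt_map(node.get("children", []), enc, out)
    return out

def status(path, enc, fstype):
    """Classify one location; a path without its own mount inherits its parent's status."""
    if path == "[SWAP]":
        return "none" if path not in enc else ("encrypted" if enc[path] else "PLAINTEXT")
    while True:
        if fstype.get(path) == "tmpfs":
            return "tmpfs"  # RAM-backed, but tmpfs pages can still be swapped out
        if path in enc:
            return "encrypted" if enc[path] else "PLAINTEXT"
        if path == "/":
            return "unknown"
        path = path.rsplit("/", 1)[0] or "/"

def audit(lsblk, proc_mounts):
    enc = crypt_map(lsblk["blockdevices"])
    fstype = {f[1]: f[2] for f in map(str.split, proc_mounts.splitlines()) if len(f) >= 3}
    return {path: status(path, enc, fstype) for path in WATCHED}

if __name__ == "__main__":
    for path, state in audit(LSBLK, MOUNTS).items():
        print(f"{path:10} {state}")
```

On a real system, pass `audit()` the parsed output of `lsblk --json -o NAME,TYPE,MOUNTPOINT` and the contents of `/proc/mounts` instead of the samples.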