Gentoo Archives: gentoo-user

From: "Sebastiaan L. Zoutendijk" <slzoutendijk@×××××.com>
To: gentoo-user@l.g.o
Subject: Re: [gentoo-user] Encrypting a hard drive's data. Best method.
Date: Sat, 06 Jun 2020 20:22:03
In Reply to: [gentoo-user] Encrypting a hard drive's data. Best method. by Dale
1 Dear Dale,
3 On Friday 5 June 2020, 11.37pm -0500, Dale wrote:
5 > Is this a secure method or is there a more secure way? Is there any
6 > known issues with using this? Anyone here use this method? Keep in
7 > mind, LVM. BTFRS, SP?, may come later.
9 Another thing to keep in mind: if you only encrypt your /home, it is
10 possible that some data leak out of the encrypted volume. For example,
11 if you use swap, then the decrypted contents of /home residing in RAM
12 can be swapped out. If you want to protect yourself against that, you
13 will need to encrypt the swap volume as well. The same could happen with
14 temporary files, so /tmp and /var/tmp might also need special treatment.
15 Aside from encrypting, tmpfs is another possibility here.
16 This problem is similar, but slightly different, to that described
17 by J. Roeleveld. Here I am talking about the contents of your files
18 leaking, instead of the LUKS keys.
19 If you are going to encrypt multiple filesystems, you can either
20 make separate LUKS volumes for each of them (each LUKS volume being
21 inside a partition or LVM volume, for example), or you can create one
22 LUKS volume with several LVM volumes inside.
24 Sincerely,
26 Bas
29 --
30 Sebastiaan L. Zoutendijk | slzoutendijk@×××××.com


Subject Author
Re: [gentoo-user] Encrypting a hard drive's data. Best method. Dale <rdalek1967@×××××.com>