On Sat, 2006-03-25 at 17:50 +0100, Karel Zak wrote: > On Pá, bře 24, 2006 at 04:59:41 -0500, Jeremy Katz wrote: > > On Fri, 2006-03-24 at 17:50 +0100, Karel Zak wrote: > > > On Thu, Mar 23, 2006 at 09:31:19AM -0500, Daniel J Walsh wrote: > > > > Laptops have becoming the standard machine for people, replacing the > > > > desktop. We need to consider defaulting FC6 with encrypted filesystem > > > > or at least homedirs out of the box. This should be a key feature of FC6. > > > > > > I don't think that encrypted filesystem is a good way. I think better > > > idea is support for encrypted devices (partitions). It's solution > > > independent on filesystem and it's useful for swaps too. For more > > > details see cryptsetup-luks and dm-crypt. > > > > The problem is that encrypting block devices in a user-friendly fashion > > kind of sucks. > > I think the original post was about laptop users. So because the computer is smaller and I carry it with me, the user interface problems go away? I don't buy it :) > > * You don't want an encryption that's global across all of /home, you > > really want to encrypt each user's home directory separately so that > > they can access their own stuff without needing any sort of admin > > Sorry, but privacy on system where someone other has root permissions > is illusion only. I don't understand how could be really safe system > where admin is able to modify kernel or some system util and steal > your password (or private key or whatever). No, I'm saying that Bob shouldn't need an administrator to unlock the /home on his laptop. But Bob and Jim should be able to both have accounts (or maybe it's Bob and his girlfriend) Jeremy
