Re: FC7 plan comments

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, 2006-12-20 at 23:07 +0100, Tomas Mraz wrote:
> On Wed, 2006-12-20 at 16:23 -0500, Jeremy Katz wrote:
> > Encrypting data?  Very interesting.
> > Encrypting the OS bits that anyone can download?  Much less interesting,
> > IMHO
> 
> At least an encrypted swap is a requirement so sensitive data are not
> left unencrypted on disk. /tmp and some /var subdirs are also
> questionable.
> 
> The swap could be enabled after boot is finished when X server is
> running. /tmp and /var could be a tougher problem.

swap is straight-forward; you don't really need to have a persistent key
there.  You could even just remake the swap partition with a new random
key on every boot and it's not a big problem[1]

For /tmp and /var, you likely want poly-instantiated dirs for the user
bits and thus the encryption to be under the control of the user.  You
could also more generally use ecryptfs here to just do the specific
subtrees of each that are cared about

Jeremy

[1] There are some interesting questions around hibernate, but it mostly
requires sitting down and thinking about it

--
Fedora-maintainers mailing list
Fedora-maintainers@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-maintainers

--
Fedora-maintainers-readonly mailing list
Fedora-maintainers-readonly@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-maintainers-readonly

[Index of Archives]     [Fedora Users]     [Fedora Development]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]

  Powered by Linux