Re: Encrypting a partition

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, Dec 24, 2007 at 06:24:43AM -0500, Robert P. J. Day wrote:
> On Mon, 24 Dec 2007, Luciano Rocha wrote:
> 
> > On Mon, Dec 24, 2007 at 03:20:26PM +0530, Amitakhya Phukan wrote:
> > > Hi all!
> > >
> > > I want to know how I can encrypt my /home partition which is inside a
> > > Logical Volume to increase the security.
> >
> > Yes, make a backup of your /home, then format the partition with:
> > 1. cryptsetup luksFormat /dev/volgroup/home
> > 2. cryptsetup luksOpen /dev/volgroup/home chome
> > 3. mke2fs -j -O dir_index -L /home /dev/mapper/chome
> >
> > Then add it to /etc/crypttab:
> > chome /dev/volgroup/home none
> >
> > Then change /etc/fstab, the line that mounts /home, to mount from
> > /dev/mapper/chome.
> 
> is there a guide somewhere to *all* of the solutions for encrypted
> filesystems under fedora?

Not that I know of, but I found this on google:
http://www.redhatmagazine.com/2007/01/18/disk-encryption-in-fedora-past-present-and-future/

> i haven't set one up for quite some time,
> but i'd like to know what my options are.  for example, AIUI, there is

Ooohh, a new acronym. I learn something new every day. ;)

> also the ecryptfs technique which is different from the above, yes?

Yes, there are various techniques. cryptoloop, truecrypt, etc..

> how does it differ?

luks/cryptsetup operate on a block-device level. Thus, every information
about files (name, size, owner, last changed/access time) are hidden.

cryptsetup uses the key as specified, while luks creates a random key
and protects it with passwords supplied by the user. Adding and removing
keys (passwords, in effect) is then possible without re-ciphering the
partition.

> is one technologically superior to the other?

It depends on your needs. For swap, you must use a block-level method,
unless you're willing to use swap over files over ecryptfs (though I
wouldn't trust it not to deadlock at the moment).

Also, luks is currently supported by Fedora 8, in that attaching a
device (or clicking to mount an already attached device) will prompt for
the passphrase and mount it (though it sometimes fails to mount under
the directory named by the label of the filesystem, and ends mounting it
under label followed by "_").

> can this encryption be done in place on an unencrypted filesystem?

Not crytpsetup, luks, cryptoloop and truecrypt. There may be others that
can, I'm not familiar with all implementations.

> and can anyone stop the new england patriots juggernaut?  so many
> questions ...

I don't know. Who arey they? :)

-- 
lfr
0/0

Attachment: pgpUjxPYaPl3a.pgp
Description: PGP signature

-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora Magazine]     [Fedora News]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [SSH]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux