Re: Questions about encrypting user homes by default

On Mon, Sep 23, 2019 at 11:41 PM Lukas Ruzicka <lruzicka@xxxxxxxxxx> wrote:


Passwords are mandatory (and always have been) but you can enable
autologin in gnome-control-center. This allows you to log on without
typing your password. 
 
Problem is, unless you have a LUKS password equal to your user account 
password, you'll just get a modal dialog when you log in prompting you 
to unlock gnome-keyring. So it's never really worked.

So, as I understand it, enforcing per-user encryption is not going to prevent anybody from having automatic login? A user account has to have a password anyway, and having per-user encryption (4.b.) would mean that the LUKS password would always be equal to the user password.

The only case where I think disabling encryption might make sense is the absence of AES-NI instructions. However, it seems like they are missing only in older low-end or ancient CPUs [0], and even without those instructions, actual encryption/decryption speed seems to be around 200 MB/s (sure, CPU load spikes whenever you write/read). I don't expect too many systems with SSD or even (SSD) NVMe drives and a CPU without AES-NI to be around.

Disclaimer: I didn't actually do any benchmark, just googled a little. I am only mentioning that it might be worth finding out if it isn't too much of a hassle (and I don't know how difficult this is going to be in g-i-s/Anaconda) to add logic for detecting the instructions' presence and not encrypting in cases where they're missing. I can try to get some numbers if there is a need/interest for them.
 

Please, Franta, let's not spoil the traditions of Linux being a free (as in speech) system where everybody is
welcome to do as they want.

Yeah, but "being a free (as in speech) system" doesn't mean you'll get a checkbox for everything ;) . It's more about having the rights to: run the software however you would like, see how the software actually works, redistribute the software however you'd like, and improve the program. There is more about that here: https://www.howtogeek.com/howto/31717/what-do-the-phrases-free-speech-vs.-free-beer-really-mean/ , https://en.wiktionary.org/wiki/free_as_in_speech .
 
[0] https://en.wikipedia.org/wiki/AES_instruction_set
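
The detection logic the message above suggests, sketched as an added example that is not part of the original post and not code from g-i-s or Anaconda. The function names, the encrypt/skip/unknown policy strings and the sample CPU listings are assumptions made for illustration.

```shell
#!/bin/sh
# Reads /proc/cpuinfo-style text on stdin and reports whether every listed CPU
# advertises hardware AES: the "aes" token in the x86 "flags" line or in the
# ARM "Features" line. Matching whole tokens avoids hits on names such as "vaes".

# Exit status: 0 = all CPUs have aes, 1 = at least one lacks it,
#              2 = no flags/Features line found (cannot decide).
has_hw_aes() {
    awk -F: '
        /^(flags|Features)[ \t]*:/ {
            seen++
            n = split($2, f, " ")
            ok = 0
            for (i = 1; i <= n; i++) if (f[i] == "aes") ok = 1
            if (!ok) missing++
        }
        END {
            if (!seen) exit 2
            exit (missing ? 1 : 0)
        }'
}

# Hypothetical installer policy: encrypt by default, skip only when the CPU
# provably lacks AES instructions, and report "unknown" rather than guessing.
encryption_default() {
    rc=0
    has_hw_aes || rc=$?
    case $rc in
        0) echo "encrypt" ;;
        1) echo "skip" ;;
        *) echo "unknown" ;;
    esac
}

# Constructed sample listings (not taken from any real machine).
SAMPLE_AESNI='processor : 0
flags : fpu vme sse2 ssse3 aes avx
processor : 1
flags : fpu vme sse2 ssse3 aes avx'
SAMPLE_NO_AES='processor : 0
flags : fpu vme sse2 ssse3 pclmulqdq'
SAMPLE_ARM='processor : 0
Features : fp asimd evtstrm aes pmull sha1 sha2 crc32'

echo "sample with AES-NI:    $(printf '%s\n' "$SAMPLE_AESNI" | encryption_default)"
echo "sample without AES-NI: $(printf '%s\n' "$SAMPLE_NO_AES" | encryption_default)"
if [ -r /proc/cpuinfo ]; then
    echo "this machine:          $(encryption_default < /proc/cpuinfo)"
fi
```

The flag only says the instructions exist; for the throughput numbers the message mentions, `cryptsetup benchmark` measures the available ciphers on the machine it runs on.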
