Interested in encrypted (home) directories?

poptones dlist at ubuntuforums.org
Tue Nov 23 16:35:52 CST 2004


-Is there any way to make device-based encryption similarly easy to
handle?-

Sure. Although I don't prefer this method because I alone use my system
and prefer to not risk losing passkeys, there are a variety of methods
using files. One is to generate a gpg keyring and assign the encryption
key to the keyring. Then when you go to log into the encrypted device it
will ask for a valid passphrase for that keyring. You can have twenty
users on a keyring, each with their own passphrase. To deny access to a
user, just delete them from the keyring. I'm not sure this is included
in dm-crypt yet, but it's in loop-aes. I don't think it would be
difficult to add to dm-crypt if it isn't already.

Encryption uses very few resources on most systems. I compared
writing 1GB to encrypted and unencrypted partitions on the same system;
it's about half as fast with my XP1600 system. Something faster
(especially with hyperthreading or two cpus) I dare say you would never
even notice the overhead. I wouldn't use an encrypted partition to
capture video, but most everything else is. 

1048576000 bytes transferred in 42.350875 seconds (24759252 bytes/sec)
1048576000 bytes transferred in 27.316233 seconds (38386552 bytes/sec)

I think people should get more into the habit of using encryption
everywhere.  But encrypting only a few files on your computer isn't
really going to protect that data - an encrypted rar, for example, will
be expanded into /tmp. So what happens when someone steals your system
and scours /tmp? Or greps the "unused" space on the drive? Encrypting
just a folder or two is, more than anything else, just a really good
way to end up in jail or divorce court. Remember that al-Qaeda laptop
with the "encrypted information?" 

Would be nice to see something like this added to mainstream
distributions: http://tinyurl.com/5mhmk

"Stop worrying and love the bear..."


-- 
poptones
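
The multi-user scheme described in the post above, as an added example that is not part of the original post and is not loop-aes or dm-crypt code: one volume key is sealed separately under each user's passphrase, and denying a user means deleting their sealed copy. It assumes PBKDF2 plus an HMAC-checked XOR pad as a stand-in for gpg, and all names (wrap, unwrap, unlock, demo, the users and passphrases) are hypothetical. It also shows that deletion leaves the volume key itself unchanged, so a copy of the key file made before the deletion still opens with the removed user's passphrase.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Optional, Tuple

ITERATIONS = 100_000  # PBKDF2 work factor (assumed value for this demo)

def _derive(passphrase: str, salt: bytes) -> Tuple[bytes, bytes]:
    """Stretch a passphrase into a 32-byte pad and a 32-byte MAC key."""
    okm = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, ITERATIONS, dklen=64)
    return okm[:32], okm[32:]

def wrap(volume_key: bytes, passphrase: str) -> dict:
    """Build one user's slot: the 32-byte volume key sealed under their passphrase."""
    assert len(volume_key) == 32
    salt = secrets.token_bytes(16)  # fresh salt, so every slot gets a unique pad
    pad, mac_key = _derive(passphrase, salt)
    sealed = bytes(a ^ b for a, b in zip(volume_key, pad))
    tag = hmac.new(mac_key, salt + sealed, hashlib.sha256).digest()
    return {"salt": salt, "sealed": sealed, "tag": tag}

def unwrap(slot: dict, passphrase: str) -> Optional[bytes]:
    """Return the volume key, or None if the passphrase does not match the slot."""
    pad, mac_key = _derive(passphrase, slot["salt"])
    expected = hmac.new(mac_key, slot["salt"] + slot["sealed"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, slot["tag"]):
        return None
    return bytes(a ^ b for a, b in zip(slot["sealed"], pad))

def unlock(slots: Dict[str, dict], user: str, passphrase: str) -> Optional[bytes]:
    """Look up the user's slot and try to open it; no slot means no access."""
    slot = slots.get(user)
    return unwrap(slot, passphrase) if slot is not None else None

def demo() -> Dict[str, bool]:
    volume_key = secrets.token_bytes(32)  # the key the device is encrypted with
    slots = {"alice": wrap(volume_key, "alice-pass"),  # constructed users
             "bob": wrap(volume_key, "bob-pass")}
    old_backup = dict(slots)  # copy of the key file taken before revocation
    del slots["bob"]          # "delete them from the keyring"
    return {
        "alice_unlocks": unlock(slots, "alice", "alice-pass") == volume_key,
        "wrong_passphrase_fails": unlock(slots, "alice", "bob-pass") is None,
        "bob_denied": unlock(slots, "bob", "bob-pass") is None,
        "bob_opens_old_backup": unlock(old_backup, "bob", "bob-pass") == volume_key,
    }

if __name__ == "__main__":
    print(demo())
```

Closing that gap means generating a new volume key and re-encrypting the device, not only removing the user's entry.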


