beagle

[poptones]

-I've read the documentation that there's on the Ubuntu site that talks
about

this and how to avoid having to type 3 passwords at boot, though I
don't

like the idea that it's given there -



Why? I have been using my system like this more than two years now and
it works flawlessly. I have installed the system like this at least
fifty times and never had an issue. All you have to do is create the
installation with both a / and /usr partition, boot into a recovery
console, and type



mv /var /usr

mv /opt /usr

mv /home /usr

mv /root /usr

mv /tmp /usr

ln -s /usr/var /var

ln -s /usr/home /home

ln -s /usr/opt /opt

ln -s /usr/tmp /tmp

ln -s /usr/root /root

reboot



when your system comes back up all the user contaminated data will be
on one easily encrypted partition. You can then boot to a recovery
console if you like, edit fstab and crypttab, create the encryption
mapper and encrypt it all by typing



dd if=/dev/hd(usr partition) of=/dev/mapper/usr(whatever you named the
mapper) bs=4096k



When it's done you will have everything (except /swap) that can be
"contaminated" encrypted with a single password. Swap is easy to
encrypt because you can just set the passphrase to be retrieved from
/dev/random on every boot.



This is MUCH more secure than using keys, dongles, or "passphrase
partitions." If the passphrase for your disk is written down ANYWHERE
it is vulnerable. This allows both convenience and security.


-- 
poptones