
Re: making encrypted $HOME as easy and convenient as possible


Jon Dowland wrote (11 Sep 2011 13:23:37 GMT) :
> I like encrypted $HOME and making the use of them as easy for people
> as possible.

So do I.

However, before we go deep into implementation details, I need to ask
what kind of use case(s) and threat model(s) you have in mind and are
trying to solve.

When discussing such matters, one needs to be aware of the drawbacks
of encrypting $HOME only; one of these drawbacks can be summed up as:

  any data stored in your encrypted $HOME has a non-negligible chance
  of being written in cleartext to the disk at some point, and of
  staying there, recoverable by standard forensics tools, for a more
  or less long time.

E.g. data may be written to cleartext swap or to hibernation images,
and temporary data may be written to various places on disk that are
not in $HOME: cups spool, /var/tmp, etc.

The d-i already supports easy *full* system encryption, swap included.
In some threat models, this offers much greater protection than
encrypting $HOME only. I think the specific use cases and threat models
that make $HOME-only encryption more fit and desirable should be
clearly defined before we look for a solution. What do you think?

  intrigeri <intrigeri@boum.org>
  | GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
  | OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc
  | Do not be trapped by the need to achieve anything.
  | This way, you achieve everything.
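
The message above names cleartext swap and hibernation images among the places where data from an encrypted $HOME can end up. As an added example (not part of the original message and not d-i code), these shell functions report which active swap areas are backed by dm-crypt, including swap on LVM stacked over an encrypted volume. The function names, the optional ROOT argument and the sample tree are assumptions of this example; the check relies on cryptsetup giving its mappings a DM UUID that starts with "CRYPT-".

```shell
# Added example: flag active swap areas (where hibernation images also go)
# that are not backed by dm-crypt. ROOT is this example's own test knob.

# True if DEV, or every device under it, is a cryptsetup mapping (DM UUID
# "CRYPT-..."). Subshell body: the recursion keeps its own variables.
is_crypt_backed() (
    root=${2:-}
    real=$(readlink -f "$root$1" 2>/dev/null) || real=$1
    node="$root/sys/block/$(basename "$real")"
    uuid=$(cat "$node/dm/uuid" 2>/dev/null) || uuid=
    case $uuid in CRYPT-*) exit 0 ;; esac
    # Not a crypt mapping itself (e.g. an LVM volume): look underneath it.
    found=1
    for slave in "$node"/slaves/*; do
        [ -e "$slave" ] || continue
        is_crypt_backed "/dev/$(basename "$slave")" "$root" || exit 1
        found=0
    done
    exit "$found"
)

# One line per swap area: "<name> <type> encrypted|cleartext|unknown".
audit_swap() {
    root=${1:-}
    # /proc/swaps has a header line, then: Filename Type Size Used Priority
    tail -n +2 "$root/proc/swaps" | while read -r name type _rest; do
        if [ "$type" != partition ]; then
            echo "$name $type unknown"   # swap file: depends on its filesystem
        elif is_crypt_backed "$name" "$root"; then
            echo "$name $type encrypted"
        else
            echo "$name $type cleartext"
        fi
    done
}

# Constructed sample: LVM swap on LUKS (dm-2 on dm-1), a plain partition, a file.
make_sample_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/proc" "$t/sys/block/dm-1/dm" "$t/sys/block/dm-2/dm" \
        "$t/sys/block/dm-2/slaves/dm-1"
    echo "CRYPT-LUKS1-constructed-sda5_crypt" > "$t/sys/block/dm-1/dm/uuid"
    echo "LVM-constructed" > "$t/sys/block/dm-2/dm/uuid"
    printf '%s\n' 'Filename Type Size Used Priority' \
        '/dev/dm-2 partition 4194300 0 -2' '/dev/sdb2 partition 2097148 0 -3' \
        '/swapfile file 1048572 0 -4' > "$t/proc/swaps"
    echo "$t"
}
sample=$(make_sample_tree) && audit_swap "$sample" && rm -rf "$sample"
```

Calling `audit_swap` with no argument inspects the running system. Swap files are reported as unknown because their protection depends on the filesystem that holds them.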
