Howland, Curtis [howlandc@kvh.co.jp] wrote:
>
> There is also this How-To:
>
> http://www.linux.org/docs/ldp/howto/Loopback-Encrypted-Filesystem-HOWTO.html
>

That's a very good one. If you actually get the stuff at cryptoapi.sourceforce.net you can do filesystems other than ext2 (easily). A journalled crypto filesystem on a laptop is a better idea than a bog standard ext2 one. For various reasons, otherwise for a desktop/server environment ext2 crypto is great.

> I've been thinking that a 100 or 500MB encrypted loop device per user,
> mounted as a subdirectory under the individual users home, would be
> effective. It doesn't encrypt the entirety of the disk, nor all of the
> home directory, but could be (for instance) the KDE or GNOME "Desktop"
> folder, and anything there would be hid from prying eyes.
>

A little excessive in size, but that's the kind of system I use. You need to explain to the users the limits of the encryption and how to effectively use it. Also point out the things that *don't* need encrypting. This will prevent overloading the machine, and also 90% of security is down to the individual; the other 10% is *assisted* by technology. They need to know that this is not a magic block box: you do actually need to know how it works and how to use it for it to become effective.

> The same caveats, "when you're logged in it's wide open" and "it's only
> as good as your passphrase" apply.
>
> Thoughts?
>

Smartcard, PCMCIA memory card for the filesystem. Smartcards, however, currently don't hold very much, something like a couple of kilobytes (of mass el cheapo production). PCMCIA memory stuff is expensive. However, I think 8 (or less)-16Mb cards can be picked up cheaply second hand. This would make a very nice alternative, as ISA PCMCIA adapters for desktops are very cheap and fully supported. This would also permit you to use your *private* data on a number of machines and even take stuff home.

Another portable storage thing is of course zip/clik disks, floppies, etc. What you have to think about is how much to trust the machine; if you don't, then only a detachable device that then plugs into the local terminal would work.

Alex
--
 _________________________________________
( BOFH excuse #306:                       )
(                                         )
( CPU-angle has to be adjusted because of )
( vibrations coming from the nearby road  )
 -----------------------------------------
        o   ^__^
         o  (oo)\_______
            (__)\       )\/\
                ||----w |
                ||     ||