[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Encrypting drive

On 200707012022, Vladimir Strycek wrote:
> im curious, i heard that its possible to encrypt drives in debian or any 
> linux. But how does it work ? i meen do i have to enter password all the 
> time when i wanna to boot server ? or its just for some special partition ?

It depends. You can do whole-system encryption, in which you will be
prompted a passphrase at boot time. This is the most secure and is ideal
for laptops. To get started, follow the guide in the Debian installer.

In servers, you might want to trust physical security, since
whole-system encryption incurs a performance degradation. (However, on a
reasonably recent system, you still will be bottlenecked by Fast
Ethernet at 100Mb/s).

Other setups involve that you encrypt some partition or LVM LV and
manually decrypt this into a running system, from which you can mount
the file system that is atop the encrypted device.

However, if you should choose to encrypt only, say /home, you'd need to
make sure that data won't ``sieve'' onto the unencrypted parts of the
system, such as /tmp or swap space.

And just to restate the obvious: Encrypting and keeping the secret next
to the encrypted data is as good for security as not encrypting at all.

Regards, skrewz.

Attachment: signature.asc
Description: Digital signature

Reply to: