On 200707012022, Vladimir Strycek wrote: > im curious, i heard that its possible to encrypt drives in debian or any > linux. But how does it work ? i meen do i have to enter password all the > time when i wanna to boot server ? or its just for some special partition ? It depends. You can do whole-system encryption, in which you will be prompted a passphrase at boot time. This is the most secure and is ideal for laptops. To get started, follow the guide in the Debian installer. In servers, you might want to trust physical security, since whole-system encryption incurs a performance degradation. (However, on a reasonably recent system, you still will be bottlenecked by Fast Ethernet at 100Mb/s). Other setups involve that you encrypt some partition or LVM LV and manually decrypt this into a running system, from which you can mount the file system that is atop the encrypted device. However, if you should choose to encrypt only, say /home, you'd need to make sure that data won't ``sieve'' onto the unencrypted parts of the system, such as /tmp or swap space. And just to restate the obvious: Encrypting and keeping the secret next to the encrypted data is as good for security as not encrypting at all. Regards, skrewz.
Attachment:
signature.asc
Description: Digital signature