<br><br><div class="gmail_quote">2008/12/21 Richard W.M. Jones <span dir="ltr"><<a href="mailto:rjones@redhat.com">rjones@redhat.com</a>></span><br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div class="Ih2E3d">On Sun, Dec 21, 2008 at 07:47:15PM +0100, David Nielsen wrote:<br>
> I've been running using dm-crypt for a while now but it seems to me that<br>
> when all I have is some photos and documents I don't want to fall into the<br>
> wrong hands in case my machine is stolen, it's seems like overkill to<br>
> encrypt everything. Additionally it's some what cumbersome to have to unlock<br>
> the drive during boot. Another problem might be the performance hit of full<br>
> disk encryption on these low powered netbooks being unacceptable making<br>
> those a good target for a more lightweight solution?<br>
<br>
</div>Won't solve your unlocking problem, but why not have a separate<br>
encrypted /home partition? I've had separate /home partitions for<br>
years, not for encryption, just because that's the directory I really<br>
care about, so I want to be able to handle it specially anyway.</blockquote><div><br>/home is seperate on all my boxes, so yes that solution would work. I do believe Ubuntu' solution is a seperate partition they map to a folder called Private in your home dir which is unlocked at login. I have no idea of the security of that solution but it does seem that this way one could keep a few files secret while the machine is powered down so if it gets lost in the airport e.g. those few precious personal files don't fall into the wrong hands.<br>
<br></div><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><br>
The other reason to _not_ encrypt the system directories is so that<br>
system files can be easily mmapped into memory. And after all, there<br>
is no secret in the system files.</blockquote><div><br>no secrets.. but how else would the penguins send me coded messages to convey the dropbox locations? <br></div></div>