Encrypted home directory
Nikolay Vladimirov
nikolay at vladimiroff.com
Tue Dec 23 08:30:31 UTC 2008
2008/12/23 Bruno Wolff III <bruno at wolff.to>:
> On Tue, Dec 23, 2008 at 10:09:13 +0200,
> Nikolay Vladimirov <nikolay at vladimiroff.com> wrote:
>> 2008/12/23 Bruno Wolff III <bruno at wolff.to>:
>> > On Mon, Dec 22, 2008 at 18:48:47 +0200,
>> > Nikolay Vladimirov <nikolay at vladimiroff.com> wrote:
>> >>
>> >> It's good to have an option to do both encrypted home and dedicated
>> >> encrypted dir in home.
>> >
>> > What threat are you trying to counter by having a separate encrypted
>> > directory in your home directory? I would expect selinux to be a better
>> > solution for the kind of problem one might try to solve with an encrypted
>> > directory in their home directory.
>> >
>>
>> No, because selinux is useless if someone has physical access to my computer.
>> Booting another os(think live cds) or just doing "single selinux=0".
>
> That's what full disk (well really partition) encryption is for and which
> already works nicely. Being able to encrypt just some directories is an
> inferior solution to that problem.
>
Ok. I'm not really sure about this but I think that full disk
encryption on a software level
with a key storng enough will bring some performance loss. And some
people just want
some confidential files to be encrypted.
--
NV
More information about the devel
mailing list