On Mon, Mar 13, 2006 at 17:05:45 -0500, Louis E Garcia II <louisg00@xxxxxxxxxxxxx> wrote: > I am concerned about third parties getting their hand on the hard drive. Then it is probably a better solution to just encrypt the /home partition and any swap file systems. The admin will need to supply the password for /home on boot and the swap partitions can get a new random key each reboot without manual intervention. Having users do this themselves is going to be a pain and there won't be any real benefit. Note that if you lose the password(s) for the /home partition there will be no good way to get it off the disk. You will want to have the password stored in a secure place (or two), so that if the admin gets hit by a bus or the building with the password in it burns down you can recover. You should probably also be encrypting your back up tapes as similar risks probably apply to them. > Is there any documentation on this process? Where would this password be > stored? And would this be invisible to users? You might start looking at: http://www.saout.de/tikiwiki/tiki-index.php There is going to be some more user friendliness for LUKS and dm-crypt in FC5, but the kernel support and userland tools like cryptsetup are there in FC4 (and probably earlier).
