On Mon, Dec 24, 2007 at 06:24:43AM -0500, Robert P. J. Day wrote:
> On Mon, 24 Dec 2007, Luciano Rocha wrote:
>
> > On Mon, Dec 24, 2007 at 03:20:26PM +0530, Amitakhya Phukan wrote:
> > > Hi all!
> > >
> > > I want to know how I can encrypt my /home partition which is inside a
> > > Logical Volume to increase the security.
> >
> > Yes, make a backup of your /home, then format the partition with:
> > 1. cryptsetup luksFormat /dev/volgroup/home
> > 2. cryptsetup luksOpen /dev/volgroup/home chome
> > 3. mke2fs -j -O dir_index -L /home /dev/mapper/chome
> >
> > Then add it to /etc/crypttab:
> > chome /dev/volgroup/home none
> >
> > Then change /etc/fstab, the line that mounts /home, to mount from
> > /dev/mapper/chome.
>
> is there a guide somewhere to *all* of the solutions for encrypted
> filesystems under fedora?

Not that I know of, but I found this on google:
http://www.redhatmagazine.com/2007/01/18/disk-encryption-in-fedora-past-present-and-future/

> i haven't set one up for quite some time,
> but i'd like to know what my options are. for example, AIUI, there is

Ooohh, a new acronym. I learn something new every day. ;)

> also the ecryptfs technique which is different from the above, yes?

Yes, there are various techniques. cryptoloop, truecrypt, etc.

> how does it differ?

luks/cryptsetup operate on a block-device level. Thus, all information
about files (name, size, owner, last changed/access time) is hidden.

cryptsetup uses the key as specified, while luks creates a random key
and protects it with passwords supplied by the user. Adding and removing
keys (passwords, in effect) is then possible without re-ciphering the
partition.

> is one technologically superior to the other?

It depends on your needs. For swap, you must use a block-level method,
unless you're willing to use swap over files over ecryptfs (though I
wouldn't trust it not to deadlock at the moment).

Also, luks is currently supported by Fedora 8, in that attaching a
device (or clicking to mount an already attached device) will prompt for
the passphrase and mount it (though it sometimes fails to mount under
the directory named by the label of the filesystem, and ends up mounting
it under the label followed by "_").

> can this encryption be done in place on an unencrypted filesystem?

Not cryptsetup, luks, cryptoloop and truecrypt. There may be others that
can, I'm not familiar with all implementations.

> and can anyone stop the new england patriots juggernaut? so many
> questions ...

I don't know. Who are they? :)

--
lfr
0/0
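A consistency check for the /etc/crypttab and /etc/fstab steps quoted in the thread, as an added example that is not part of the original messages: it confirms that a mount point is mounted from a /dev/mapper device and that the mapping is declared in crypttab, which catches an fstab line still pointing at the raw logical volume. The function name `check_crypt_mount`, its return codes and the `demo` sample files are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Hypothetical helper names throughout.
#
# check_crypt_mount MOUNTPOINT [FSTAB] [CRYPTTAB]
# Prints the backing device and returns 0 when fstab mounts MOUNTPOINT from
# /dev/mapper/NAME and NAME is declared in crypttab. Returns:
#   1  mount point has no fstab entry
#   2  fstab device is not /dev/mapper/* (raw LV, or LABEL=/UUID= which
#      cannot be resolved offline)
#   3  mapping name is not declared in crypttab
check_crypt_mount() {
    mp=$1 fstab=${2:-/etc/fstab} crypttab=${3:-/etc/crypttab}

    # fstab fields: device mountpoint fstype options dump pass
    dev=$(awk -v mp="$mp" '$1 !~ /^#/ && $2 == mp { print $1; exit }' "$fstab")
    [ -n "$dev" ] || { echo "$mp: no entry in $fstab" >&2; return 1; }

    case $dev in
        /dev/mapper/*) name=${dev#/dev/mapper/} ;;
        *) echo "$mp: mounted from $dev, not /dev/mapper/*" >&2; return 2 ;;
    esac

    # crypttab fields: name backing-device keyfile [options]
    backing=$(awk -v n="$name" '$1 !~ /^#/ && $1 == n { print $2; exit }' "$crypttab")
    [ -n "$backing" ] || { echo "$name: not declared in $crypttab" >&2; return 3; }

    echo "$backing"
}

# Runs the check against constructed sample files that mirror the thread's
# setup (mapping "chome" on /dev/volgroup/home), so it works offline.
demo() {
    tmp=$(mktemp -d) || return 1
    printf '%s\n' 'chome /dev/volgroup/home none' > "$tmp/crypttab"
    printf '%s\n' '/dev/volgroup/root / ext3 defaults 1 1' \
                  '/dev/mapper/chome /home ext3 defaults 1 2' > "$tmp/fstab"
    check_crypt_mount /home "$tmp/fstab" "$tmp/crypttab"; rc=$?
    rm -rf "$tmp"
    return "$rc"
}

if [ "${1:-}" = "--demo" ]; then demo; fi
```

On a live system, `check_crypt_mount /home` reads the real /etc/fstab and /etc/crypttab.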